CVE-2017-18913: XSS
First published: Fri Jun 19 2020(Updated: )
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost Mattermost Server | <3.6.7 | |
| Mattermost Mattermost Server | >=3.7.0<3.7.5 | |
| Mattermost Mattermost Server | >=3.8.0<3.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-18913?
CVE-2017-18913 is an issue discovered in Mattermost Server before version 3.8.2, 3.7.5, and 3.6.7 that allows for XSS attacks via a link on an error page.
How severe is CVE-2017-18913?
CVE-2017-18913 has a severity rating of medium, with a CVSS score of 6.1.
Which software versions are affected by CVE-2017-18913?
Mattermost Server versions before 3.8.2, 3.7.5, and 3.6.7 are affected by CVE-2017-18913.
How can XSS occur via a link on an error page in Mattermost Server?
XSS can occur via a link on an error page in Mattermost Server due to the vulnerability in versions before 3.8.2, 3.7.5, and 3.6.7.
What is the Common Vulnerabilities and Exposures (CVE) ID for this vulnerability?
The Common Vulnerabilities and Exposures (CVE) ID for this vulnerability is CVE-2017-18913.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mattermost
- canonical/mattermost mattermost server
- version/mattermost mattermost server/3.7.0
- version/mattermost mattermost server/3.8.0