CVE-2021-37860: XSS
First published: Wed Sep 22 2021(Updated: )
Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP.
Credit: responsibledisclosure@mattermost.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mattermost Mattermost | <=5.38 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Mattermost?
The vulnerability ID for Mattermost is CVE-2021-37860.
What is the severity of CVE-2021-37860?
The severity of CVE-2021-37860 is medium.
How does CVE-2021-37860 affect Mattermost?
CVE-2021-37860 affects Mattermost version 5.38 and earlier by allowing a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP.
How can I fix CVE-2021-37860 in my Mattermost deployment?
To fix CVE-2021-37860 in your Mattermost deployment, make sure to upgrade to a version newer than 5.38 that includes the necessary fixes and improvements.
Where can I find more information about CVE-2021-37860?
You can find more information about CVE-2021-37860 on the Mattermost website at https://mattermost.com/security-updates/.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/mattermost
- canonical/mattermost mattermost
- version/mattermost mattermost/5.38