Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affecting github.com/mattermost/mattermost-server/server/v8 package, versions <8.1.10 >=9.4.0 <9.4.3 >=9.3.0 <9.3.2 >=9.2.0 <9.2.6
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Scope
Changed
Threat Intelligence
EPSS
0.04% (9th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMMATTERMOSTMATTERMOSTSERVERSERVERV8-6457213
- published 18 Mar 2024
- disclosed 18 Mar 2024
- credit Juho Nurminen
Introduced: 18 Mar 2024
CVE-2024-2445 Open this link in a new tabHow to fix?
Upgrade github.com/mattermost/mattermost-server/server/v8 to version 8.1.10, 9.4.3, 9.3.2, 9.2.6 or higher.
Overview
Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') due to the failure to properly escape user-controlled outputs when generating HTML pages. An attacker can inject malicious scripts into web pages viewed by other users by crafting a link that includes malicious JavaScript and convincing the user to click on it.