Product:

Mattermost_server

(Mattermost)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 215
Date Id Summary Products Score Patch Annotated
2020-06-19 CVE-2017-18910 An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links. Mattermost_server N/A
2020-06-19 CVE-2017-18909 An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. Mattermost_server N/A
2020-06-19 CVE-2017-18908 An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address. Mattermost_server N/A
2020-06-19 CVE-2017-18905 An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled. Mattermost_server N/A
2020-06-19 CVE-2017-18904 An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file. Mattermost_server N/A
2020-06-19 CVE-2017-18903 An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled. Mattermost_server N/A
2020-06-19 CVE-2017-18902 An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints. Mattermost_server N/A
2020-06-19 CVE-2017-18893 An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS. Mattermost_server N/A
2020-06-19 CVE-2016-11083 An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. Mattermost_server N/A
2020-06-19 CVE-2016-11082 An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. Mattermost_server N/A