Back

CVE-2024-46934

Sept. 25, 2024, 1:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Rocket.Chat

  • 6.12.0
  • 6.11.2
  • 6.10.5
  • 6.9.6
  • 6.8.6
  • 6.7.8
  • earlier

Source

cve@mitre.org

Tags

cve@mitre.org
2024-09-25
CVE-2024-46934

CVE-2024-46934 details

Published : Sept. 25, 2024, 1:15 a.m.
Last Modified : Sept. 25, 2024, 1:15 a.m.

Description

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://docs.rocket.chat/docs/rocketchat-security-fixes-updates-and-advisories cve@mitre.org
https://github.com/RocketChat/Rocket.Chat/pull/33246 cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.