Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

rocket.chat rocket.chat vulnerabilities and exploits

(subscribe to this query)

6.1
CVSSv3
CVE-2021-22886
Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app....
Rocket.chat Rocket.chatRocket.chat Rocket.chat 3.11.0
6.1
CVSSv3
CVE-2017-1000054
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages....
Rocketchat Rocket.chat 0.35.0Rocketchat Rocket.chat 0.34.0Rocketchat Rocket.chat 0.33.0Rocketchat Rocket.chat 0.32.0Rocketchat Rocket.chat 0.18.1Rocketchat Rocket.chat 0.18.0Rocketchat Rocket.chat 0.17.0Rocketchat Rocket.chat 0.16.0Rocketchat Rocket.chat 0.49.1Rocketchat Rocket.chat 0.49.0Rocketchat Rocket.chat 0.48.2Rocketchat Rocket.chat 0.48.1Rocketchat Rocket.chat 0.55.1Rocketchat Rocket.chat 0.54.2Rocketchat Rocket.chat 0.54.1Rocketchat Rocket.chat 0.54.0Rocketchat Rocket.chat 0.53.0Rocketchat Rocket.chat 0.38.0Rocketchat Rocket.chat 0.37.0Rocketchat Rocket.chat 0.30.0Rocketchat Rocket.chat 0.28.0Rocketchat Rocket.chat 0.21.0Rocketchat Rocket.chat 0.19.0Rocketchat Rocket.chat 0.15.0Rocketchat Rocket.chat 0.13.0Rocketchat Rocket.chat 0.9.0Rocketchat Rocket.chat 0.49.3Rocketchat Rocket.chat 0.47.1Rocketchat Rocket.chat 0.46.0Rocketchat Rocket.chat 0.41.0Rocketchat Rocket.chat 0.56.0Rocketchat Rocket.chat 0.52.0Rocketchat Rocket.chat 0.50.1Rocketchat Rocket.chat 0.57.1Rocketchat Rocket.chat 0.8.0Rocketchat Rocket.chat 0.39.0Rocketchat Rocket.chat 0.26.0Rocketchat Rocket.chat 0.25.0Rocketchat Rocket.chat 0.24.0Rocketchat Rocket.chat 0.23.0Rocketchat Rocket.chat 0.12.0Rocketchat Rocket.chat 0.11.0Rocketchat Rocket.chat 0.10.2Rocketchat Rocket.chat 0.10.1Rocketchat Rocket.chat 0.45.0Rocketchat Rocket.chat 0.44.0Rocketchat Rocket.chat 0.43.0Rocketchat Rocket.chat 0.42.0Rocketchat Rocket.chat 0.57.0Rocketchat Rocket.chat 0.37.1Rocketchat Rocket.chat 0.36.0Rocketchat Rocket.chat 0.31.0Rocketchat Rocket.chat 0.29.0Rocketchat Rocket.chat 0.27.0Rocketchat Rocket.chat 0.22.0Rocketchat Rocket.chat 0.20.0Rocketchat Rocket.chat 0.14.0Rocketchat Rocket.chat 0.12.1Rocketchat Rocket.chat 0.10.0Rocketchat Rocket.chat 0.49.4Rocketchat Rocket.chat 0.49.2Rocketchat Rocket.chat 0.48.0Rocketchat Rocket.chat 0.47.0Rocketchat Rocket.chat 0.40.1Rocketchat Rocket.chat 0.55.0Rocketchat Rocket.chat 0.51.0Rocketchat Rocket.chat 0.50.0Rocketchat Rocket.chat 0.57.2
7.5
CVSSv3
CVE-2021-22892
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks....
Rocket.chat Rocket.chatRocket.chat Rocket.chat 3.12.3Rocket.chat Rocket.chat 3.12.4Rocket.chat Rocket.chat 3.12.5
9.8
CVSSv3
CVE-2021-22911
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE....
Rocket.chat Rocket.chat 3.11.0Rocket.chat Rocket.chat 3.12.0Rocket.chat Rocket.chat 3.13.0
6.1
CVSSv3
CVE-2020-15926
Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side....
Rocket.chat Rocket.chat
6.1
CVSSv3
CVE-2019-17220
Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line....
Rocket.chat Rocket.chat
8.8
CVE-2022-35248
A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login....
Rocket.chat Rocket.chat
6.5
CVE-2022-32220
An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room....
Rocket.chat Rocket.chat
5.3
CVE-2022-32217
A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs....
Rocket.chat Rocket.chat
9.8
CVSSv3
CVE-2021-22910
A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE....
Rocket.chat Rocket.chat
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-45441arbitrary CVE-2022-31254CVE-2023-0719CVE-2023-25136CVE-2023-0744CVE-2022-0847unspecifiedspoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook