Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
rocket.chat rocket.chat vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-22892
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.
Rocket.chat Rocket.chat
Rocket.chat Rocket.chat 3.12.3
Rocket.chat Rocket.chat 3.12.4
Rocket.chat Rocket.chat 3.12.5
383
VMScore
CVE-2017-1000054
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
Rocketchat Rocket.chat 0.11.0
Rocketchat Rocket.chat 0.29.0
Rocketchat Rocket.chat 0.26.0
Rocketchat Rocket.chat 0.23.0
Rocketchat Rocket.chat 0.49.1
Rocketchat Rocket.chat 0.28.0
Rocketchat Rocket.chat 0.16.0
Rocketchat Rocket.chat 0.25.0
Rocketchat Rocket.chat 0.44.0
Rocketchat Rocket.chat 0.57.0
Rocketchat Rocket.chat 0.21.0
Rocketchat Rocket.chat 0.57.2
Rocketchat Rocket.chat 0.37.0
Rocketchat Rocket.chat 0.52.0
Rocketchat Rocket.chat 0.49.4
Rocketchat Rocket.chat 0.54.2
Rocketchat Rocket.chat 0.47.0
Rocketchat Rocket.chat 0.31.0
Rocketchat Rocket.chat 0.55.0
Rocketchat Rocket.chat 0.47.1
Rocketchat Rocket.chat 0.48.0
Rocketchat Rocket.chat 0.18.0
670
VMScore
CVE-2021-22911
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
Rocket.chat Rocket.chat 3.11.0
Rocket.chat Rocket.chat 3.12.0
Rocket.chat Rocket.chat 3.13.0
10 Github repositories
383
VMScore
CVE-2021-22886
Rocket.Chat prior to 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote malicious user to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop ap...
Rocket.chat Rocket.chat
Rocket.chat Rocket.chat 3.11.0
NA
CVE-2022-35251
A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Henc...
Rocket.chat Rocket.chat
384
VMScore
CVE-2020-15926
Rocket.Chat up to and including 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side.
Rocket.chat Rocket.chat
NA
CVE-2022-44567
A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an malicious user to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to remote code execution (internalVideoChatWindow.ts#L17). To exploit the v...
Rocket.chat Rocket.chat
NA
CVE-2023-28318
A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices.
Rocket.chat Rocket.chat -
NA
CVE-2023-28357
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a us...
Rocket.chat Rocket.chat
NA
CVE-2023-28359
A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server r...
Rocket.chat Rocket.chat
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »