Vulmon
rocket.chat rocket.chat vulnerabilities and exploits
NA
CVE-2022-35248
An improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two-factor authentication to be bypassed when telling the server to use CAS during login.
Rocket.chat Rocket.chat
NA
CVE-2022-35249
An information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room.
Rocket.chat Rocket.chat
NA
CVE-2022-35250
A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate privileges for any authenticated user to view Direct messages without appropriate permissions.
Rocket.chat Rocket.chat
NA
CVE-2022-35251
A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window. An adversary is able not only to manipulate its style, but also to block functionality and hijack the content of targeted users. Henc...
Rocket.chat Rocket.chat
668
VMScore
CVE-2017-1000493
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover
Rocket.chat Rocket.chat
384
VMScore
CVE-2020-15926
Rocket.Chat up to and including 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side.
Rocket.chat Rocket.chat
312
VMScore
CVE-2018-13879
A reflected XSS issue exists in the registration form in Rocket.Chat prior to 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via ...
Rocket.chat Rocket.chat
446
VMScore
CVE-2020-28208
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat up to and including 3.9.1.
Rocket.chat Rocket.chat
435
VMScore
CVE-2019-17220
Rocket.Chat prior to 2.1.0 allows XSS via a URL on a ![title] line.
Rocket.chat Rocket.chat
1 EDB exploit
NA
CVE-2022-30124
An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code).
Rocket.chat Rocket.chat