CVE-2020-8292

Summary

Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.

Affected Software

VendorProductVersion RangeStatus
n/aRocket.Chat serverFixed in 3.9.0affected

Weaknesses

  • CWE-79: Cross-site Scripting (XSS) - DOM (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References