CVE-2023-7113

Summary

Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client.

Affected Software

VendorProductVersion RangeStatus
MattermostMattermost0 <= 8.1.6affected
MattermostMattermost0 <= 9.2.0affected
MattermostMattermost8.1.7unaffected
MattermostMattermost9.2.0unaffected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References