A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control characters but an error will be displayed that shows the attempted username unescaped via packages/rocketchat-ui-login/client/username/username.js in packages/rocketchat-ui-login/client/username/username.html.
References
Link | Resource |
---|---|
https://github.com/RocketChat/Rocket.Chat/issues/10795 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:20
Updated: 2022-10-03T16:22:20
Reserved: 2022-10-03T00:00:00
Link: CVE-2018-13879
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-07-11T01:29:01.550
Modified: 2018-09-05T16:33:51.227
Link: CVE-2018-13879
JSON object: View
Redhat Information
No data.
CWE