CVE-2022-35251 - OpenCVE

A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Rocket.chat	Rocket.chat

Configuration 1 [-]

cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*

References

Link	Resource
https://hackerone.com/reports/1401268	Exploit Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2022-09-23T18:28:12

Updated: 2022-09-23T18:28:12

Reserved: 2022-07-06T00:00:00

Link: CVE-2022-35251

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-09-23T19:15:14.150

Modified: 2022-09-26T18:57:30.417

Link: CVE-2022-35251

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Rocket.chat", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in 5.0>"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Cross-site Scripting (XSS) - Stored (CWE-79)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-23T18:28:12", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1401268"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "ID": "CVE-2022-35251", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Rocket.chat", "version": {"version_data": [{"version_value": "Fixed in 5.0>"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site Scripting (XSS) - Stored (CWE-79)"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/1401268", "refsource": "MISC", "url": "https://hackerone.com/reports/1401268"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2022-35251", "datePublished": "2022-09-23T18:28:12", "dateReserved": "2022-07-06T00:00:00", "dateUpdated": "2022-09-23T18:28:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*", "matchCriteriaId": "CFB310B9-2905-42DC-9D4A-F5233748BEC0", "versionEndExcluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window, an adversary is able to manipulate not only the style of it, but will also be able to block functionality as well as hijacking the content of targeted users. Hence the payloads are stored in messages, it is a persistent attack vector, which will trigger as soon as the message gets viewed."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-site scripting en Rocket.chat versiones anteriores a v5 debido a una inyecci\u00f3n de estilo en la ventana de chat completa, un adversario es capaz de manipular no s\u00f3lo el estilo de la misma, sino que tambi\u00e9n ser\u00e1 capaz de bloquear la funcionalidad as\u00ed como secuestrar el contenido de los usuarios objetivo. Por lo tanto, las cargas \u00fatiles son almacenadas en los mensajes, es un vector de ataque persistente, que ser\u00e1 desencadenado tan pronto como el mensaje sea visualizado.\n"}], "id": "CVE-2022-35251", "lastModified": "2022-09-26T18:57:30.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-23T19:15:14.150", "references": [{"source": "support@hackerone.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://hackerone.com/reports/1401268"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "support@hackerone.com", "type": "Secondary"}]}