CVE-2017-18904
MEDIUM6.1EPSS 0.36%Mattermost Server vulnerable to XSS via an uploaded file in github.com/mattermost/mattermost-server
Published: 5/24/2022Modified: 3/3/2026
Description
Mattermost Server vulnerable to XSS via an uploaded file in github.com/mattermost/mattermost-server
Affected packages (2)
- Go/github.com/mattermost/mattermost-serverfrom 0, < 3.9.2
- Go/github.com/mattermost/mattermost-serverfrom 0, < 3.9.2+incompatible, >= 3.10.0+incompatible, < 3.10.2+incompatible
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
References (7)
- ADVISORYhttps://github.com/advisories/GHSA-8pff-p3gx-w4jf
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-18904
- PATCHhttps://github.com/mattermost/mattermost
- WEBhttps://github.com/mattermost/mattermost/commit/6a2754376c8c8270be5e11e3fdab589659d0cc8d
- WEBhttps://github.com/mattermost/mattermost/commit/bde06a7bc3a03a56da224c1ffcd8bffb0af8071b
- WEBhttps://github.com/mattermost/mattermost/commit/f06c5bef4d78966c60b153bbec6eea4ec0be9e68
- WEBhttps://mattermost.com/security-updates