CVE-2021-22886

Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
rocket.chatrocket.chat
𝑥
< 3.8.8
rocket.chatrocket.chat
3.9.0 ≤
𝑥
< 3.9.7
rocket.chatrocket.chat
3.10.0 ≤
𝑥
< 3.10.5
rocket.chatrocket.chat
3.11.0:rc0
rocket.chatrocket.chat
3.11.0:rc1
rocket.chatrocket.chat
3.11.0:rc2
rocket.chatrocket.chat
3.11.0:rc3
rocket.chatrocket.chat
3.11.0:rc4
rocket.chatrocket.chat
3.11.0:rc5
rocket.chatrocket.chat
3.11.0:rc6
rocket.chatrocket.chat
3.11.0:rc7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.rocket.chat/guides/security/security-updates
https://github.com/RocketChat/Rocket.Chat/pull/20430
https://hackerone.com/reports/1014459
https://docs.rocket.chat/guides/security/security-updates
https://github.com/RocketChat/Rocket.Chat/pull/20430
https://hackerone.com/reports/1014459