Mattermost Jira plugin versions shipped with Mattermost...
Moderate severity
Unreviewed
Published
Mar 15, 2024
to the GitHub Advisory Database
•
Updated Dec 13, 2024
Description
Published by the National Vulnerability Database
Mar 15, 2024
Published to the GitHub Advisory Database
Mar 15, 2024
Last updated
Dec 13, 2024
Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server.
References