CVE-2026-3495
LOW3.8EPSS 0.03%Mattermost doesn't escape some variables that could contain malicious content during error page composition
發布日:2026/5/18修改日:2026/6/1
描述
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those values.. Mattermost Advisory ID: MMSA-2026-00622
受影響套件(2)
- Go/github.com/mattermost/mattermost-serverfrom 0, < 5.3.2-0.20260310115442-5a1ea95044dc
- Go/github.com/mattermost/mattermost/server/v8>= 10.11.0, < 10.11.14
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | LOW3.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |