CVE-2017-1000054

CVSS V2 Medium 4.3 CVSS V3 Medium 6.1
Description
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
Overview
  • CVE ID
  • CVE-2017-1000054
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2017-07-17T13:18:17
  • Last Modified Date
  • 2017-07-19T17:38:24
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:rocketchat:rocket.chat:0.8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.10.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.10.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.10.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.11.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.12.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.12.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.13.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.14.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.15.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.16.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.17.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.18.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.18.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.19.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.20.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.21.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.22.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.23.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.24.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.25.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.26.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.27.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.28.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.29.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.30.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.31.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.32.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.33.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.34.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.35.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.36.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.37.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.37.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.38.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.39.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.40.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.41.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.42.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.43.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.44.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.45.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.46.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.47.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.47.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.48.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.48.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.48.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.49.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.49.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.49.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.49.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.49.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.50.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.50.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.51.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.52.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.53.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.54.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.54.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.54.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.55.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.55.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.56.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.57.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.57.0:rc0:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.57.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.57.0:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.57.0:rc3:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.57.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:rocketchat:rocket.chat:0.57.2:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 6.1
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 2.7
History
Created Old Value New Value Data Type Notes
2022-05-10 09:25:19 Added to TrackCVE
2022-12-02 18:41:44 2017-07-17T13:18Z 2017-07-17T13:18:17 CVE Published Date updated
2022-12-02 18:41:44 2017-07-19T17:38:24 CVE Modified Date updated
2022-12-02 18:41:44 Analyzed Vulnerability Status updated