CVE-2020-8288

EPSS 0.8%CWE-79

The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.

Affected products

n/a · Rocket.Chat server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.rocket.chat/guides/security/security-updates https://hackerone.com/reports/899954 https://rocket.chat/xss-vulnerability-hotfix-available-for-all-affected-versions/