CVE-2023-35075

Published: 2023-11-27T10:15Z

Last Modified: 2024-11-21T08:07Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt