CVE ID : CVE-2025-13523
Published : Feb. 6, 2026, 4:16 p.m. | 1 hour, 43 minutes ago
Description : Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
from Latest Vulnerabilities https://ift.tt/648KFmR
via IFTTT
Published : Feb. 6, 2026, 4:16 p.m. | 1 hour, 43 minutes ago
Description : Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
from Latest Vulnerabilities https://ift.tt/648KFmR
via IFTTT