CVE-2023-28358

Source
https://cve.org/CVERecord?id=CVE-2023-28358
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28358.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28358
Published
2023-05-11T22:15:09.993Z
Modified
2026-04-10T04:57:17.666219Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with Content Security Policy disabled, potentially leading to attacks such as account takeover.

References

Affected packages

Git / github.com/rocketchat/rocket.chat

Affected ranges

Type
GIT
Repo
https://github.com/rocketchat/rocket.chat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.0.0"
        }
    ]
}

Affected versions

0.*
0.10.0
0.10.1
0.10.2
0.11.0
0.13.0
0.14.0
0.15.0
0.16.0
0.17.0
0.18.0
0.19.0
0.23.0
0.24.0
0.25.0
0.26.0
0.27.0
0.28.0
0.29.0
0.30.0
0.36.0
0.37.0
0.37.1
0.38.0
0.39.0
0.40.0
0.40.1
0.41.0
0.42.0
0.43.0
0.44.0
0.45.0
0.46.0
0.48.0
0.49.0
0.49.1
0.49.2
0.49.3
0.49.4
0.50.0
0.54.0
0.54.1
0.56.0
0.56.0-rc.0
0.56.0-rc.1
0.56.0-rc.2
0.56.0-rc.3
0.56.0-rc.4
0.56.0-rc.5
0.56.0-rc.6
0.56.0-rc.7
0.57.0
0.57.1
0.57.2
0.58.0
0.58.1
0.58.2
0.59.0
0.59.1
0.59.2
0.59.3
0.59.4
0.59.5
0.59.6
0.60.0
0.60.1
0.60.2
0.60.3
0.60.4
0.61.0
0.61.1
0.61.2
0.62.0
0.62.1
0.62.2
0.63.0
0.63.1
0.63.2
0.63.3
0.64.0
0.64.1
0.64.2
0.65.0
0.65.1
0.65.2
0.66.0
0.66.1
0.66.2
0.66.3
0.67.0
0.68.0
0.68.1
0.68.2
0.68.3
0.68.4
0.68.5
0.69.0
0.69.1
0.69.2
0.70.0
0.70.1
0.70.2
0.70.3
0.70.4
0.71.0
0.71.1
0.72.0
0.72.1
0.72.2
0.72.3
0.73.0
0.73.1
0.73.2
0.74.0
0.74.1
0.74.2
0.74.3
0.8.0
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
2.*
2.0.0
2.1.0
2.1.1
2.1.2
2.2.0
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
3.*
3.0.0
3.0.1
3.0.10
3.0.11
3.0.12
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.2
3.10.0
3.10.1
3.10.2
3.10.3
3.10.4
3.10.5
3.11.0
3.11.1
3.12.0
3.12.1
3.12.2
3.12.3
3.13.0
3.13.1
3.13.2
3.13.3
3.14.0
3.14.1
3.14.2
3.14.3
3.14.4
3.15.0
3.15.1
3.15.2
3.16.0
3.16.1
3.16.2
3.16.3
3.16.4
3.17.0
3.17.1
3.17.2
3.18.0
3.18.1
3.18.2
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.3.2
3.3.3
3.4.0
3.4.1
3.4.2
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.6.0
3.6.1
3.6.2
3.6.3
3.7.0
3.7.1
3.7.2
3.8.0
3.8.1
3.8.2
3.9.0
3.9.1
3.9.2
3.9.3
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.1.0
4.1.1
4.1.2
4.2.0
4.2.1
4.2.2
4.3.0
4.3.1
4.3.2
4.3.3
4.4.0
4.4.1
4.4.2
4.4.4
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.6.0
4.6.1
4.6.2
4.6.3
4.7.0
4.7.1
4.7.2
4.7.3
4.8.0
4.8.2
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.1.0
5.1.1
5.1.3
5.1.4
5.2.0
5.3.0
5.3.1
5.3.2
5.3.4
5.3.5
5.4.0
5.4.1
5.4.2
5.4.3
5.4.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28358.json"