CVE-2024-45621

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-45621
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45621.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45621
Published
2024-09-02T19:15:13.073Z
Modified
2026-03-12T09:36:32.165744Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents.

References

Affected packages

Git / github.com/rocketchat/rocket.chat

Affected ranges

Type
GIT
Repo
https://github.com/rocketchat/rocket.chat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
66247990e495e76180a1c5a73abf0b0e4a6fc312
Fixed
66247990e495e76180a1c5a73abf0b0e4a6fc312
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.3.4"
        }
    ]
}

Affected versions

0.*
0.10.0
0.10.1
0.10.2
0.11.0
0.12.0
0.12.1
0.13.0
0.14.0
0.15.0
0.16.0
0.17.0
0.18.0
0.18.1
0.19.0
0.20.0
0.21.0
0.22.0
0.23.0
0.24.0
0.25.0
0.26.0
0.27.0
0.28.0
0.29.0
0.30.0
0.31.0
0.32.0
0.33.0
0.34.0
0.35.0
0.36.0
0.37.0
0.37.1
0.38.0
0.39.0
0.40.0
0.40.1
0.41.0
0.42.0
0.43.0
0.44.0
0.45.0
0.46.0
0.47.0
0.47.1
0.48.0
0.48.1
0.48.2
0.49.0
0.49.1
0.49.2
0.49.3
0.49.4
0.50.0
0.50.1
0.51.0
0.52.0
0.53.0
0.54.0
0.54.1
0.54.2
0.55.0
0.55.0-rc.0
0.55.0-rc.1
0.55.0-rc.2
0.55.0-rc.3
0.55.0-rc.4
0.55.0-rc.5
0.55.0-rc.6
0.55.1
0.56.0
0.56.0-rc.0
0.56.0-rc.1
0.56.0-rc.2
0.56.0-rc.3
0.56.0-rc.4
0.56.0-rc.5
0.56.0-rc.6
0.56.0-rc.7
0.57.0
0.57.0-rc.0
0.57.0-rc.1
0.57.0-rc.2
0.57.0-rc.3
0.57.1
0.57.2
0.57.3
0.58.0
0.58.0-rc.0
0.58.0-rc.1
0.58.0-rc.2
0.58.0-rc.3
0.58.1
0.58.2
0.58.3
0.58.4
0.59.0
0.59.0-rc.0
0.59.0-rc.1
0.59.0-rc.10
0.59.0-rc.11
0.59.0-rc.12
0.59.0-rc.13
0.59.0-rc.14
0.59.0-rc.15
0.59.0-rc.16
0.59.0-rc.17
0.59.0-rc.2
0.59.0-rc.3
0.59.0-rc.4
0.59.0-rc.5
0.59.0-rc.6
0.59.0-rc.7
0.59.0-rc.8
0.59.0-rc.9
0.59.1
0.59.2
0.59.3
0.59.4
0.59.5
0.59.6
0.60.0
0.60.0-rc.0
0.60.0-rc.1
0.60.0-rc.2
0.60.0-rc.3
0.60.0-rc.4
0.60.0-rc.5
0.60.0-rc.6
0.60.0-rc.7
0.60.0-rc.8
0.60.1
0.60.2
0.60.3
0.60.4
0.60.4-rc.0
0.60.4-rc.1
0.61.0
0.61.0-rc.0
0.61.0-rc.1
0.61.0-rc.2
0.61.1
0.61.2
0.62.0
0.62.0-rc.0
0.62.0-rc.1
0.62.0-rc.2
0.62.0-rc.3
0.62.1
0.62.2
0.63.0
0.63.0-rc.0
0.63.0-rc.1
0.63.0-rc.2
0.63.1
0.63.2
0.63.3
0.64.0
0.64.0-rc.0
0.64.0-rc.1
0.64.0-rc.2
0.64.0-rc.3
0.64.0-rc.4
0.64.1
0.64.2
0.65.0
0.65.0-rc.0
0.65.0-rc.1
0.65.0-rc.2
0.65.0-rc.3
0.65.1
0.65.2
0.66.0
0.66.0-rc.0
0.66.0-rc.1
0.66.0-rc.2
0.66.0-rc.3
0.66.0-rc.4
0.66.1
0.66.2
0.66.3
0.67.0
0.67.0-rc.0
0.68.0
0.68.0-rc.0
0.68.0-rc.1
0.68.0-rc.2
0.68.0-rc.3
0.68.1
0.68.2
0.68.3
0.68.4
0.68.5
0.69.0
0.69.0-rc.0
0.69.0-rc.1
0.69.1
0.69.2
0.70.0
0.70.0-rc.0
0.70.0-rc.1
0.70.0-rc.2
0.70.0-rc.3
0.70.0-rc.4
0.70.1
0.70.1-rc.0
0.70.1-rc.1
0.70.2
0.70.3
0.70.4
0.71.0
0.71.0-rc.0
0.71.0-rc.1
0.71.0-rc.2
0.71.1
0.72.0
0.72.1
0.72.2
0.72.3
0.73.0
0.73.0-rc.0
0.73.0-rc.1
0.73.0-rc.2
0.73.1
0.73.2
0.74.0
0.74.0-rc.0
0.74.0-rc.1
0.74.0-rc.2
0.74.1
0.74.2
0.74.3
0.8.0
0.9.0
1.*
1.0.0
1.0.0-rc.0
1.0.0-rc.1
1.0.0-rc.2
1.0.0-rc.3
1.0.0-rc.4
1.0.0-rc.5
1.0.1
1.0.2
1.0.3
1.1.0
1.1.0-rc.0
1.1.0-rc.1
1.1.0-rc.2
1.1.0-rc.3
1.1.0-rc.4
1.1.0-rc.5
1.1.1
1.1.2
1.1.3
1.2.0
1.2.0-rc.0
1.2.0-rc.1
1.2.0-rc.2
1.2.1
1.3.0
1.3.0-rc.0
1.3.0-rc.1
1.3.0-rc.2
1.3.0-rc.3
1.3.0-rc.4
1.3.1
1.3.2
2.*
2.0.0
2.0.0-rc.0
2.0.0-rc.1
2.0.0-rc.2
2.0.0-rc.3
2.0.0-rc.4
2.0.0-rc.5
2.1.0
2.1.0-rc.0
2.1.0-rc.1
2.1.0-rc.2
2.1.0-rc.3
2.1.1
2.1.2
2.2.0
2.2.0-rc.0
2.2.0-rc.1
2.2.0-rc.2
2.2.0-rc.3
2.3.0
2.3.0-rc.0
2.3.0-rc.1
2.3.1
2.3.2
2.4.0
2.4.0-rc.0
2.4.0-rc.1
2.4.0-rc.2
2.4.0-rc.3
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
3.*
3.0.0
3.0.0-rc.0
3.0.0-rc.1
3.0.0-rc.10
3.0.0-rc.11
3.0.0-rc.2
3.0.0-rc.3
3.0.0-rc.4
3.0.0-rc.5
3.0.0-rc.6
3.0.0-rc.7
3.0.0-rc.8
3.0.0-rc.9
3.0.1
3.0.10
3.0.11
3.0.12
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.0-rc.1
3.1.0-rc.10
3.1.0-rc.11
3.1.0-rc.12
3.1.0-rc.13
3.1.0-rc.2
3.1.0-rc.3
3.1.0-rc.4
3.1.0-rc.5
3.1.0-rc.6
3.1.0-rc.7
3.1.0-rc.8
3.1.0-rc.9
3.1.1
3.1.2
3.10.0
3.10.0-rc.0
3.10.0-rc.1
3.10.0-rc.2
3.10.0-rc.3
3.10.0-rc.4
3.10.1
3.10.2
3.10.3
3.10.4
3.10.5
3.11.0
3.11.0-rc.0
3.11.0-rc.1
3.11.0-rc.2
3.11.0-rc.3
3.11.0-rc.4
3.11.0-rc.5
3.11.0-rc.6
3.11.0-rc.7
3.11.1
3.12.0
3.12.0-rc.0
3.12.0-rc.1
3.12.0-rc.2
3.12.0-rc.3
3.12.0-rc.4
3.12.1
3.12.2
3.12.3
3.13.0
3.13.0-rc.0
3.13.0-rc.1
3.13.0-rc.2
3.13.0-rc.3
3.13.0-rc.4
3.13.0-rc.5
3.13.0-rc.6
3.13.0-rc.7
3.13.1
3.13.2
3.13.3
3.14.0
3.14.0-rc.0
3.14.0-rc.1
3.14.0-rc.2
3.14.0-rc.3
3.14.0-rc.4
3.14.1
3.14.2
3.14.3
3.14.4
3.15.0
3.15.0-rc.0
3.15.0-rc.1
3.15.0-rc.2
3.15.0-rc.3
3.15.0-rc.4
3.15.1
3.15.2
3.16.0
3.16.0-rc.0
3.16.0-rc.1
3.16.0-rc.2
3.16.0-rc.3
3.16.0-rc.4
3.16.0-rc.5
3.16.1
3.16.2
3.16.3
3.16.4
3.17.0
3.17.0-rc.0
3.17.0-rc.1
3.17.0-rc.2
3.17.0-rc.3
3.17.0-rc.4
3.17.0-rc.5
3.17.0-rc.6
3.17.1
3.17.2
3.18.0
3.18.0-rc.0
3.18.0-rc.1
3.18.0-rc.2
3.18.0-rc.3
3.18.0-rc.4
3.18.1
3.18.2
3.2.0
3.2.0-rc.0
3.2.0-rc.1
3.2.0-rc.2
3.2.1
3.2.2
3.3.0
3.3.0-rc.0
3.3.0-rc.1
3.3.0-rc.2
3.3.0-rc.3
3.3.0-rc.4
3.3.1
3.3.2
3.3.3
3.4.0
3.4.0-rc.0
3.4.0-rc.1
3.4.0-rc.2
3.4.0-rc.3
3.4.0-rc.4
3.4.0-rc.5
3.4.1
3.4.2
3.5.0
3.5.0-rc.0
3.5.0-rc.1
3.5.0-rc.2
3.5.0-rc.3
3.5.0-rc.4
3.5.1
3.5.2
3.5.3
3.5.4
3.6.0
3.6.0-rc.0
3.6.0-rc.1
3.6.0-rc.2
3.6.0-rc.3
3.6.1
3.6.2
3.6.3
3.7.0
3.7.0-rc.0
3.7.0-rc.1
3.7.0-rc.2
3.7.0-rc.3
3.7.0-rc.4
3.7.1
3.7.2
3.8.0
3.8.0-rc.0
3.8.0-rc.1
3.8.0-rc.10
3.8.0-rc.11
3.8.0-rc.12
3.8.0-rc.13
3.8.0-rc.14
3.8.0-rc.2
3.8.0-rc.3
3.8.0-rc.4
3.8.0-rc.5
3.8.0-rc.6
3.8.0-rc.7
3.8.0-rc.8
3.8.0-rc.9
3.8.1
3.8.2
3.9.0
3.9.0-rc.0
3.9.0-rc.1
3.9.0-rc.2
3.9.0-rc.3
3.9.0-rc.4
3.9.0-rc.5
3.9.1
3.9.2
3.9.3
4.*
4.0.0
4.0.0-rc.0
4.0.0-rc.1
4.0.0-rc.2
4.0.0-rc.3
4.0.0-rc.4
4.0.0-rc.5
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.1.0
4.1.0-rc.0
4.1.0-rc.1
4.1.0-rc.2
4.1.0-rc.3
4.1.0-rc.4
4.1.1
4.1.2
4.2.0
4.2.0-rc.0
4.2.0-rc.1
4.2.0-rc.2
4.2.0-rc.3
4.2.0-rc.4
4.2.1
4.2.2
4.3.0
4.3.0-rc.0
4.3.0-rc.1
4.3.0-rc.2
4.3.0-rc.3
4.3.0-rc.4
4.3.1
4.3.2
4.3.3
4.4.0
4.4.0-rc.0
4.4.0-rc.1
4.4.0-rc.2
4.4.0-rc.3
4.4.0-rc.4
4.4.1
4.4.2
4.4.4
4.5.0
4.5.0-rc.0
4.5.0-rc.1
4.5.0-rc.2
4.5.0-rc.3
4.5.0-rc.4
4.5.0-rc.5
4.5.0-rc.6
4.5.0-rc.7
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.6.0
4.6.0-rc.0
4.6.0-rc.1
4.6.0-rc.2
4.6.0-rc.3
4.6.0-rc.4
4.6.0-rc.5
4.6.1
4.6.2
4.6.3
4.7.0
4.7.0-rc.0
4.7.0-rc.1
4.7.0-rc.2
4.7.0-rc.3
4.7.0-rc.4
4.7.0-rc.5
4.7.1
4.7.2
4.7.3
4.8.0
4.8.0-rc.0
4.8.0-rc.1
4.8.0-rc.2
4.8.0-rc.3
4.8.0-rc.4
4.8.0-rc.5
4.8.1
4.8.2
5.*
5.0.0
5.0.0-rc.0
5.0.0-rc.1
5.0.0-rc.10
5.0.0-rc.11
5.0.0-rc.12
5.0.0-rc.2
5.0.0-rc.3
5.0.0-rc.4
5.0.0-rc.5
5.0.0-rc.6
5.0.0-rc.7
5.0.0-rc.8
5.0.0-rc.9
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.1.0
5.1.0-rc.0
5.1.0-rc.1
5.1.0-rc.2
5.1.0-rc.3
5.1.1
5.1.2
5.1.3
5.1.4
5.2.0
5.2.0-rc.0
5.2.0-rc.1
5.2.0-rc.2
5.2.0-rc.3
5.2.0-rc.4
5.2.0-rc.5
5.2.0-rc.6
5.3.0
5.3.0-rc.0
5.3.0-rc.1
5.3.0-rc.2
5.3.0-rc.3
5.3.1
5.3.2
5.3.3
5.3.4
5.3.5
5.4.0
5.4.0-rc.0
5.4.0-rc.1
5.4.0-rc.2
5.4.0-rc.3
5.4.0-rc.4
5.4.0-rc.5
5.4.0-rc.6
5.4.1
5.4.2
5.4.3
5.4.4
6.*
6.0.0
6.0.0-rc.0
6.0.0-rc.1
6.0.0-rc.10
6.0.0-rc.11
6.0.0-rc.12
6.0.0-rc.2
6.0.0-rc.3
6.0.0-rc.4
6.0.0-rc.5
6.0.0-rc.6
6.0.0-rc.7
6.0.0-rc.8
6.0.0-rc.9
6.0.1
6.1.0
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.2.0
6.2.0-rc.0
6.2.0-rc.1
6.2.0-rc.10
6.2.0-rc.11
6.2.0-rc.12
6.2.0-rc.2
6.2.0-rc.3
6.2.0-rc.4
6.2.0-rc.5
6.2.0-rc.6
6.2.0-rc.7
6.2.0-rc.8
6.2.0-rc.9
6.2.1
6.2.10
6.2.11
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.8
6.2.9
6.3.0
6.3.0-rc.0
6.3.0-rc.1
6.3.0-rc.10
6.3.0-rc.2
6.3.0-rc.3
6.3.0-rc.4
6.3.0-rc.5
6.3.0-rc.6
6.3.0-rc.7
6.3.0-rc.8
6.3.0-rc.9
6.3.1
6.3.2
6.3.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45621.json"