CVE-2024-46934

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-46934
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46934.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-46934
Published
2024-09-25T01:15:44.597Z
Modified
2026-04-10T05:17:12.961811Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload.

References

Affected packages

Git / github.com/rocketchat/rocket.chat

Affected ranges

Type
GIT
Repo
https://github.com/rocketchat/rocket.chat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f31f31ef96e54751f0e7ba45eb70457ae83df798
Introduced
87005cbff2c8a2a5b066991de94e680b82f6590c
Fixed
9f4a610672ab2bd7e228e27567a1e1da0cf6c6eb
Introduced
3b820dcd208302b880dfea14b26962e8c63a87ce
Fixed
ec179e79d45766ae28743e288cb0d72dcd0f97cf
Introduced
623a265851c5eea52c293ddd2fee6a549a5eae87
Fixed
b0bb7f0d0bf1026b7f9cf500833b018af70a7222
Introduced
640d569eeb0ea4e46b8525b84b27d56fab661a41
Fixed
536884c6522a5f75d5faddd7ab65d1e6a19a7f43
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ecff0a61cc9dce7597743799da098629ad9a088d
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.7.9"
        },
        {
            "introduced": "6.8.0"
        },
        {
            "fixed": "6.8.7"
        },
        {
            "introduced": "6.9.0"
        },
        {
            "fixed": "6.9.7"
        },
        {
            "introduced": "6.10.0"
        },
        {
            "fixed": "6.10.6"
        },
        {
            "introduced": "6.11.0"
        },
        {
            "fixed": "6.11.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.12.0-NA"
        }
    ]
}

Affected versions

0.*
0.10.0
0.10.1
0.10.2
0.11.0
0.13.0
0.14.0
0.15.0
0.16.0
0.17.0
0.18.0
0.19.0
0.23.0
0.24.0
0.25.0
0.26.0
0.27.0
0.28.0
0.29.0
0.30.0
0.36.0
0.37.0
0.37.1
0.38.0
0.39.0
0.40.0
0.40.1
0.41.0
0.42.0
0.43.0
0.44.0
0.45.0
0.46.0
0.48.0
0.49.0
0.49.1
0.49.2
0.49.3
0.49.4
0.50.0
0.54.0
0.54.1
0.56.0
0.56.0-rc.0
0.56.0-rc.1
0.56.0-rc.2
0.56.0-rc.3
0.56.0-rc.4
0.56.0-rc.5
0.56.0-rc.6
0.56.0-rc.7
0.57.0
0.57.1
0.57.2
0.58.0
0.58.1
0.58.2
0.59.0
0.59.1
0.59.2
0.59.3
0.59.4
0.59.5
0.59.6
0.60.0
0.60.1
0.60.2
0.60.3
0.60.4
0.61.0
0.61.1
0.61.2
0.62.0
0.62.1
0.62.2
0.63.0
0.63.1
0.63.2
0.63.3
0.64.0
0.64.1
0.64.2
0.65.0
0.65.1
0.65.2
0.66.0
0.66.1
0.66.2
0.66.3
0.67.0
0.68.0
0.68.1
0.68.2
0.68.3
0.68.4
0.68.5
0.69.0
0.69.1
0.69.2
0.70.0
0.70.1
0.70.2
0.70.3
0.70.4
0.71.0
0.71.1
0.72.0
0.72.1
0.72.2
0.72.3
0.73.0
0.73.1
0.73.2
0.74.0
0.74.1
0.74.2
0.74.3
0.8.0
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
2.*
2.0.0
2.1.0
2.1.1
2.1.2
2.2.0
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
3.*
3.0.0
3.0.1
3.0.10
3.0.11
3.0.12
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.2
3.10.0
3.10.1
3.10.2
3.10.3
3.10.4
3.10.5
3.11.0
3.11.1
3.12.0
3.12.1
3.12.2
3.12.3
3.13.0
3.13.1
3.13.2
3.13.3
3.14.0
3.14.1
3.14.2
3.14.3
3.14.4
3.15.0
3.15.1
3.15.2
3.16.0
3.16.1
3.16.2
3.16.3
3.16.4
3.17.0
3.17.1
3.17.2
3.18.0
3.18.1
3.18.2
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.3.2
3.3.3
3.4.0
3.4.1
3.4.2
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.6.0
3.6.1
3.6.2
3.6.3
3.7.0
3.7.1
3.7.2
3.8.0
3.8.1
3.8.2
3.9.0
3.9.1
3.9.2
3.9.3
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.1.0
4.1.1
4.1.2
4.2.0
4.2.1
4.2.2
4.3.0
4.3.1
4.3.2
4.3.3
4.4.0
4.4.1
4.4.2
4.4.4
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.6.0
4.6.1
4.6.2
4.6.3
4.7.0
4.7.1
4.7.2
4.7.3
4.8.0
4.8.2
5.*
5.0.0
5.0.1
5.0.2
5.0.3
5.0.4
5.0.5
5.1.0
5.1.1
5.1.3
5.1.4
5.2.0
5.3.0
5.3.1
5.3.2
5.3.4
5.3.5
5.4.0
5.4.1
5.4.2
5.4.3
5.4.4
6.*
6.0.0
6.0.1
6.1.0
6.1.1
6.1.2
6.1.3
6.1.4
6.1.5
6.1.6
6.1.7
6.10.0
6.10.1
6.10.2
6.10.3
6.10.4
6.10.5
6.11.0
6.11.1
6.11.2
6.12.0
6.2.0
6.2.1
6.2.10
6.2.11
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.8
6.2.9
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.3.6
6.3.7
6.3.8
6.4.0
6.4.1
6.4.2
6.4.3
6.4.4
6.4.5
6.4.6
6.4.7
6.4.8
6.5.0
6.5.1
6.5.2
6.5.3
6.6.0
6.6.1
6.6.2
6.6.3
6.6.4
6.6.5
6.6.6
6.7.0
6.7.1
6.7.2
6.7.3
6.7.4
6.7.5
6.7.6
6.7.7
6.7.8
6.8.0
6.8.1
6.8.2
6.8.3
6.8.4
6.8.5
6.8.6
6.9.0
6.9.1
6.9.2
6.9.3
6.9.4
6.9.5
6.9.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46934.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.12.0-rc1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.12.0-rc2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.12.0-rc3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.12.0-rc4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.12.0-rc5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.12.0-rc6"
            }
        ]
    }
]