CVE-2024-45621

medium

Description

The Electron desktop application of Rocket.Chat through 6.3.4 allows stored XSS via links in an uploaded file, related to failure to use a separate browser upon encountering third-party external actions from PDF documents.

References

https://hackerone.com/reports/1967109

https://github.com/RocketChat/Rocket.Chat/releases/tag/6.3.4

Details

Source: Mitre, NVD

Published: 2024-09-02

Updated: 2024-09-16

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N