GHSA-8pff-p3gx-w4jf

Source

https://github.com/advisories/GHSA-8pff-p3gx-w4jf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8pff-p3gx-w4jf/GHSA-8pff-p3gx-w4jf.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-8pff-p3gx-w4jf

Aliases

Published

2022-05-24T17:21:06Z

Modified

2026-01-13T17:12:05.338965Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Mattermost Server vulnerable to XSS via an uploaded file

Details

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.

Database specific

{
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2026-01-12T20:18:18Z",
    "nvd_published_at": "2020-06-19T19:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Go / github.com/mattermost/mattermost-server

Package

Name: github.com/mattermost/mattermost-server; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost-server

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.9.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8pff-p3gx-w4jf/GHSA-8pff-p3gx-w4jf.json"

Go / github.com/mattermost/mattermost-server

Package

Name: github.com/mattermost/mattermost-server; View open source insights on deps.dev
Purl: pkg:golang/github.com/mattermost/mattermost-server

Affected ranges

Type: SEMVER
Events: Introduced

3.10.0

Fixed

3.10.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8pff-p3gx-w4jf/GHSA-8pff-p3gx-w4jf.json"