Cross-Site Scripting (XSS) Vulnerability in Mattermost Server before 3.1.0

Cross-Site Scripting (XSS) Vulnerability in Mattermost Server before 3.1.0

CVE-2016-11071 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.

Learn more about our Cis Benchmark Audit For Server Software.