Unsanitized Channel Mention Data Injection in Mattermost 8.1.6 and Earlier

Unsanitized Channel Mention Data Injection in Mattermost 8.1.6 and Earlier

CVE-2023-7113 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client.

Learn more about our Web App Pen Testing.