What the vulnerability does

01Description

Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes.

Key dates

02Disclosure timeline

January 21, 2021 CVE published
August 4, 2024 Record updated