CVE-2023-1421 LOW

CVE-2023-1421: Reflected XSS in OAuth flow completion endpoints

Vendor: Mattermost
Product: Mattermost
Weakness: CWE-79 (XSS)
Published: March 15, 2023
Last update: December 6, 2024

CVSS base score

3.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.

Key dates

02 Disclosure timeline

March 15, 2023: CVE published
December 6, 2024: Record updated
