CVE-2023-28358 - AskarLabs CVE Database

CVE-2023-28358

Vendor N/A

Product Rocket.Chat

Weakness CWE-79 · XSS

Published May 11, 2023

Last update January 27, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled possible leading to some issues attacks like account takeover.

Key dates

02Disclosure timeline

May 11, 2023 CVE published

January 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-28358 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2018-0411 CVE-2021-24268 JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS CVE-2026-12114 Team Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'custom_css' Parameter CVE-2024-10837 SysBasics Customize My Account for WooCommerce <= 2.7.29 - Reflected Cross-Site Scripting via tab Parameter CVE-2022-50966 uBidAuction 2.0.1 news manage Reflected XSS