Vulnerability Database

315,050

Total vulnerabilities in the database

CVE-2022-1002

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.

  • Published: Mar 18, 2022
  • Updated: Nov 16, 2025
  • CVE: CVE-2022-1002
  • Severity: Low
  • Exploit:

CVSS v3:

  • Severity: Low
  • Score: 2
  • AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
mattermost / mattermost - 6.4.0