CVE-2023-7113

Published: Dec 29, 2023
Updated: May 10, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-7113" target="_blank" rel="noopener"> CVE-2023-7113
GHSA: <a href="https://github.com/advisories/GHSA-h3gq-j7p9-x3p4" target="_blank" rel="noopener"> GHSA-h3gq-j7p9-x3p4
Severity: Medium
Exploit:

Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client.

CVSS v3:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
github.com/mattermost/mattermost/server/v8	-	8.1.7
mattermost / mattermost_server	-	8.1.7