CVE-2022-35251
Published: Sep 23, 2022
Modified: May 22, 2025
PUBLISHED
Description
A cross-site scripting vulnerability exists in Rocket.chat <v5 due to style injection in the complete chat window. An adversary is able to manipulate not only its style, but can also block functionality and hijack the content of targeted users. Because the payloads are stored in messages, it is a persistent attack vector, which triggers as soon as the message is viewed.
| Vendor | Product | Versions |
|---|---|---|
| n/a | Rocket.chat | affected: Fixed in 5.0> |
Weaknesses (CWE)
References
https://hackerone.com/reports/1401268
x_refsource_MISC