Rocket.Chat · Rocket.Chat · CVE-2020-15926
**Name of the Vulnerable Software and Affected Versions**
Rocket.Chat versions through 3.4.2
**Description**
The vulnerability is a Cross-Site Scripting (XSS) issue: an attacker can send a specially crafted message to a channel, or in a direct message to the client, resulting in remote code execution on the client side.
**Recommendations**
If you run Rocket.Chat 3.4.2 or earlier, update to a version later than 3.4.2 to resolve the issue.
As a temporary workaround, consider restricting the ability to send specially crafted messages to channels or direct messages until a patch is available.