CVE-2020-15926

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions through 3.4.2

Description The issue allows for Cross-Site Scripting (XSS) where an attacker can send a specially crafted message to a channel or in a direct message to the client, resulting in remote code execution on the client side.

Recommendations For Rocket.Chat versions through 3.4.2, update to a version later than 3.4.2 to resolve the issue. As a temporary workaround, consider restricting the ability to send specially crafted messages to channels or direct messages until a patch is available.