PT-2023-15911 · Exo · Exo Chat Application
Published: 2023-02-06 · Updated: 2024-05-17 · CVE-2022-4902
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
eXo Chat Application versions prior to 3.3.0-20220417
Description
A cross-site scripting issue has been found in the eXo Chat Application. It affects an unknown function of the Mention Handler component in the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue, and the attack can be launched remotely.
Recommendations
Upgrade versions prior to 3.3.0-20220417 to version 3.3.0-20220417, which addresses this issue. As a temporary workaround, consider restricting access to the Mention Handler component until the upgrade is applied.
Fix
XSS
Affected Products
Exo Chat Application