PT-2024-32372 · Unknown · Rocket.Chat
Published: 2024-09-24 · Updated: 2025-07-17
CVE-2024-47048
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Rocket.Chat versions 6.12.0 and earlier
Description
The issue allows stored cross-site scripting (XSS) in the description and release notes of the marketplace and private apps.
Recommendations
For Rocket.Chat versions 6.12.0 and earlier, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting access to the marketplace and private apps until a patch is available.
Avoid using the description and release notes fields in the marketplace and private apps until the issue is resolved.
Fix
XSS
Affected Products
Rocket.Chat