Rocket.Chat - HackerOne Reports
Total Reports: 82
Critical: 16
High: 22
Medium: 32
Low: 9
Pinning leaks message content
Reported by: gronke | Disclosed: | Severity: High | Weakness: Information Disclosure

Possible Domain Takeover on AWS Instance.
Reported by: samuelsiv | Disclosed: | Severity: Low | Weakness: Phishing

Blind XSS
Reported by: cyberasset | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Generic

XSS (leads to arbitrary file read in Rocket.Chat-Desktop)
Reported by: sectex | Disclosed: | Severity: Low | Weakness: Cross-site Scripting (XSS) - Stored

Mute User can disclose private channel members to unauthorized users
Reported by: gronke | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Broken access control on apps
Reported by: theappsec | Disclosed: | Severity: Critical | Weakness: Improper Access Control - Generic

REST API gets `query` as parameter and executes it
Reported by: paulocsanz | Disclosed: | Severity: Medium | Weakness: Information Disclosure

Persistent CSS injection with 'marked' markdown parser in Rocket.Chat
Reported by: danieljpp | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored

XSS via /api/v1/chat.postMessage
Reported by: gronke | Disclosed: | Severity: Critical | Weakness: Cross-site Scripting (XSS) - Stored

Clickjacking in the admin page
Reported by: ant_pyne | Disclosed: | Severity: Low | Weakness: UI Redressing (Clickjacking)

SAML authentication bypass through unauthenticated `addSamlProvider` Meteor Call
Reported by: fabianfreyer | Disclosed: | Severity: Critical | Weakness: Improper Access Control - Generic

Blind XSS in the rocket.chat registration email
Reported by: edoverflow | Disclosed: | Weakness: Cross-site Scripting (XSS) - Stored

TOTP 2 Factor Authentication Bypass
Reported by: gronke | Disclosed: | Severity: High | Weakness: Improper Authentication - Generic

Unauthenticated full-read SSRF via Twilio integration
Reported by: mokusou | Disclosed: | Severity: High | Weakness: Server-Side Request Forgery (SSRF)

Insecure use of shell.openExternal() leads to RCE in Rocket.Chat-Desktop
Reported by: sectex | Disclosed: | Severity: High | Weakness: OS Command Injection

Cross-Site Scripting in "Search Messages"
Reported by: sectex | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Unauthenticated clients can modify Livechat Business Hours
Reported by: gronke | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

Unread Messages can leak Message IDs
Reported by: gronke | Disclosed: | Severity: Medium | Weakness: Information Disclosure

XSS (stored) Wizard is saving executable code
Reported by: 2444nitin | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Upload of Avatars for other Users
Reported by: gronke | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic