Rocket.Chat - HackerOne Reports
Total Reports: 82
Critical: 16
High: 22
Medium: 32
Low: 9
Clickjacking at open.rocket.chat
Reported by: scriptsavvy | Disclosed: | Severity: Medium | Weakness: UI Redressing (Clickjacking)
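A clickjacking finding like the one above comes down to whether the page sends a framing restriction. The function below is an added example, not code from the report or from Rocket.Chat: it takes a header map (for instance the output of `curl -sI` turned into an object) and decides whether browsers will refuse to frame the page, applying the rule that a CSP `frame-ancestors` directive overrides `X-Frame-Options` and that `ALLOW-FROM` is no longer honoured. The sample header sets are constructed, not captured from open.rocket.chat.

```javascript
// Added example (not from the report or the Rocket.Chat code base): decide whether
// a set of HTTP response headers stops the page from being framed by another origin.
// Header names are case-insensitive, so the map is normalised first.
function framingProtection(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }

  // CSP frame-ancestors wins over X-Frame-Options when both are present.
  const csp = h['content-security-policy'];
  if (csp) {
    const directive = csp
      .split(';')
      .map((d) => d.trim())
      .find((d) => /^frame-ancestors(\s|$)/i.test(d));
    if (directive) {
      const sources = directive
        .split(/\s+/)
        .slice(1)
        .map((s) => s.replace(/^'|'$/g, '').toLowerCase());
      // An empty source list, or 'none' on its own, blocks every framer.
      if (sources.length === 0 || (sources.length === 1 && sources[0] === 'none')) {
        return { protected: true, reason: "CSP frame-ancestors 'none'" };
      }
      // '*' or a bare scheme such as https: lets any origin on that scheme frame the page.
      const open = sources.find((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s));
      if (open) {
        return { protected: false, reason: `CSP frame-ancestors allows ${open}` };
      }
      return { protected: true, reason: `CSP frame-ancestors restricted to: ${sources.join(' ')}` };
    }
  }

  // Fall back to X-Frame-Options. Only DENY and SAMEORIGIN are enforced by current
  // browsers; ALLOW-FROM is obsolete and ignored, so it counts as no protection.
  const xfo = h['x-frame-options'];
  if (xfo) {
    const v = xfo.toUpperCase();
    if (v === 'DENY' || v === 'SAMEORIGIN') {
      return { protected: true, reason: `X-Frame-Options ${v}` };
    }
    return { protected: false, reason: `X-Frame-Options value not enforced by browsers: ${xfo}` };
  }

  return { protected: false, reason: 'no frame-ancestors directive and no X-Frame-Options header' };
}

// Constructed sample header sets (not captured from any real host).
const SAMPLE_UNPROTECTED = { 'Content-Type': 'text/html', 'Set-Cookie': 'session=abc; HttpOnly' };
const SAMPLE_HARDENED = {
  'Content-Type': 'text/html',
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  'X-Frame-Options': 'DENY',
};
```

Sending both headers, as in `SAMPLE_HARDENED`, is the usual recommendation: `frame-ancestors` carries the policy for current browsers and `X-Frame-Options: DENY` covers older ones that predate CSP Level 2.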
Reflected Cross-Site Scripting (CVE-2022-32770)
Reported by: sachinrajput | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Reflected
XSS in message attachment fields.
Reported by: fabianfreyer | Disclosed: | Severity: Critical | Weakness: Cross-site Scripting (XSS) - Stored
XSS leads to RCE on the RocketChat desktop client.
Reported by: fabianfreyer | Disclosed: | Severity: Critical | Weakness: OS Command Injection
NoSQL injection leaks visitor token and livechat messages
Reported by: gronke | Disclosed: | Severity: Medium | Weakness: Information Disclosure
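Rocket.Chat runs on MongoDB, and the usual shape of a NoSQL injection against it is a request parameter that the server expects to be a string but that JSON lets the client send as an object carrying a query operator. The block below is an added, constructed example, not the vector from the report above and not Rocket.Chat code: a tiny in-memory matcher stands in for the database so it runs offline, a vulnerable lookup passes the client value straight into the selector, and a hardened one enforces the string type first (the same effect as Meteor's `check(token, String)`). The message collection and token values are made up.

```javascript
// Added example (constructed; not Rocket.Chat code and not the report's exact vector):
// how a client-controlled selector value leaks other visitors' data, and the fix.

// Constructed livechat message collection.
const MESSAGES = [
  { _id: 'm1', token: 'visitor-aaaa', msg: 'hello from A' },
  { _id: 'm2', token: 'visitor-bbbb', msg: 'order 4711 question' },
  { _id: 'm3', token: 'visitor-cccc', msg: 'my card ends in 1234' },
];

// Minimal subset of MongoDB selector semantics: plain values match by equality,
// objects whose keys start with '$' are operators. Real drivers behave the same
// way, which is exactly what an attacker relies on.
function matches(doc, selector) {
  return Object.entries(selector).every(([field, cond]) => {
    const actual = doc[field];
    if (cond !== null && typeof cond === 'object' && !Array.isArray(cond)) {
      return Object.entries(cond).every(([op, arg]) => {
        switch (op) {
          case '$regex': return new RegExp(arg).test(String(actual));
          case '$ne': return actual !== arg;
          case '$exists': return (actual !== undefined) === Boolean(arg);
          default: throw new Error(`operator ${op} not modelled in this example`);
        }
      });
    }
    return actual === cond;
  });
}

function find(collection, selector) {
  return collection.filter((doc) => matches(doc, selector));
}

// Vulnerable: the token comes from a JSON body, so it can be an object. A client
// sending { "token": { "$regex": "^visitor-" } } gets every visitor's messages.
function visitorMessagesVulnerable(token) {
  return find(MESSAGES, { token });
}

// Hardened: refuse anything that is not a plain string before it reaches the selector.
function assertString(value, name) {
  if (typeof value !== 'string') {
    throw new TypeError(`${name} must be a string, got ${typeof value}`);
  }
  return value;
}

function visitorMessagesHardened(token) {
  return find(MESSAGES, { token: assertString(token, 'token') });
}
```

The type check is the whole fix: once the selector value can only be a string, MongoDB compares it by equality and the `$regex` / `$ne` trick has nothing to attach to. Validating at the method boundary, before the value is used anywhere, is what keeps every later query safe.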
Bypassing 2FA with conventional session management - open.rocket.chat
Reported by: hackeriron1 | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic
Android App Crashes while sending message to users/ on channel
Reported by: legalizenepal | Disclosed: | Severity: High | Weakness: Classic Buffer Overflow
Message ID Enumeration with Action Link Handler
Reported by: gronke | Disclosed: | Severity: Medium | Weakness: Information Disclosure
Moving private messages into vision with updateMessage method
Reported by: gronke | Disclosed: | Severity: High | Weakness: Information Disclosure
Remote Code Execution in Rocket.Chat Desktop
Reported by: mattaustin | Disclosed: | Severity: High | Weakness: Code Injection
Desktop app RCE (#276031 bypass)
Reported by: ivarsvids | Disclosed: | Severity: High | Weakness: Code Injection
Improper Access Control - Generic
Reported by: priyank_parmar | Disclosed: | Severity: Low | Weakness: Improper Access Control - Generic
Account takeover via XSS
Reported by: sectex | Disclosed: | Severity: Critical | Weakness: Cross-site Scripting (XSS) - Stored
Remote Code Execution in Rocket.Chat-Desktop
Reported by: sectex | Disclosed: | Severity: Critical
Arbitrary file read in Rocket.Chat-Desktop
Reported by: sectex | Disclosed: | Severity: Medium
Online Status of arbitrary users can be changed
Reported by: gronke | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Guest Privilege Escalation to admin group
Reported by: gronke | Disclosed: | Severity: Critical | Weakness: Improper Access Control - Generic
Insecure use of shell.openExternal() in Rocket.Chat Desktop App leading to RCE
Reported by: baltpeter | Disclosed: | Severity: Critical | Weakness: OS Command Injection
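Electron's `shell.openExternal()` hands whatever string it is given to the operating system's URL handler, so a link from an untrusted message that is a `file:` URL or a registered custom scheme can launch a local program instead of a browser. The block below is an added example, not code from the report or from Rocket.Chat Desktop: a scheme allow-list placed in front of the call, with the opener injected as a parameter so the block runs in plain Node without Electron (in the app you would pass `shell.openExternal`). The allowed schemes and the test URLs are choices made here, not taken from the report.

```javascript
// Added example (not from the report or Rocket.Chat Desktop): gate what reaches
// shell.openExternal(). Only http(s) URLs without embedded credentials pass; the
// allow-list is this example's choice and can be widened deliberately, one scheme
// at a time, rather than by accepting everything.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

function isSafeExternalUrl(raw) {
  let url;
  try {
    url = new URL(String(raw)); // throws on strings that are not URLs at all
  } catch {
    return false;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return false;
  // user:pass@host URLs are a phishing and credential-leak vector; refuse them too.
  if (url.username || url.password) return false;
  return true;
}

// Vulnerable shape: whatever the renderer sends is handed to the OS handler.
function openExternalVulnerable(raw, open) {
  open(raw);
  return true;
}

// Hardened shape: validate, then pass the normalised URL (not the raw string) on.
// Returns false without calling the opener when the URL is rejected.
function openExternalHardened(raw, open) {
  if (!isSafeExternalUrl(raw)) return false;
  open(new URL(raw).href);
  return true;
}
```

In an Electron app the same check belongs in the `setWindowOpenHandler` callback and the `will-navigate` handler of every `BrowserWindow`, so that `window.open` and in-page navigation go through it as well as explicit link clicks; a single unguarded path is enough to reintroduce the bug.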
Session Hijack via Self-XSS
Reported by: jcardona | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - DOM
Improper ACL in Message Starring
Reported by: gronke | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic