Stored XSS in any message (leads to priv esc for all users and file leak + rce via electron app)
High
Rocket.Chat
Team Summary
Official summary from Rocket.Chat
A persistent XSS flaw using nested markdown tags allows a remote attacker to inject arbitrary JavaScript into a message. This flaw leads to arbitrary file read and RCE on the Rocket.Chat desktop app. Patched in 3.11, 3.10.5, 3.9.7, 3.8.8.
Reported by
psych0tr1a
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - DOM