CVE-2024-47048
MEDIUMRocket.Chat < 6.7.9 - Stored Cross-Site Scripting in Marketplace App Description and Release Notes
Title source: llmDescription
Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps.
References (2)
Core 2
Core References
Scores
CVSS v3
5.4
EPSS
0.0036
EPSS Percentile
28.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
rocket.chat/rocket.chat
6.12.0 (7 CPE variants)
rocket.chat/rocket.chat
< 6.7.9
Published
Sep 25, 2024
Tracked Since
Feb 18, 2026