CVE-2025-13523
HIGHMattermost Confluence Plugin < 1.7.0 - Authenticated Stored Cross-Site Scripting via OAuth2 Connection Link
Title source: llmDescription
Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557
References (1)
Core 1
Core References
Various Sources vendor-advisory
https://mattermost.com/security-updates
Scores
CVSS v3
7.7
EPSS
0.0001
EPSS Percentile
3.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
mattermost/confluence
1.0.0 - 1.7.0
mattermost/mattermost-plugin-confluence
0 - 1.7.0Go
Published
Feb 06, 2026
Tracked Since
Feb 18, 2026