CVE-2017-1000054
medium
CVSS v3
6.1
CVSS v4 NEW
โ
VIR risk
6.1
Description
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
Predictions
Exploit likelihood
71%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| rocketchat | rocket.chat | 0.8.0 | |
| rocketchat | rocket.chat | 0.9.0 | |
| rocketchat | rocket.chat | 0.10.0 | |
| rocketchat | rocket.chat | 0.10.1 | |
| rocketchat | rocket.chat | 0.10.2 | |
| rocketchat | rocket.chat | 0.11.0 | |
| rocketchat | rocket.chat | 0.12.0 | |
| rocketchat | rocket.chat | 0.12.1 | |
| rocketchat | rocket.chat | 0.13.0 | |
| rocketchat | rocket.chat | 0.14.0 | |
| rocketchat | rocket.chat | 0.15.0 | |
| rocketchat | rocket.chat | 0.16.0 | |
| rocketchat | rocket.chat | 0.17.0 | |
| rocketchat | rocket.chat | 0.18.0 | |
| rocketchat | rocket.chat | 0.18.1 | |
| rocketchat | rocket.chat | 0.19.0 | |
| rocketchat | rocket.chat | 0.20.0 | |
| rocketchat | rocket.chat | 0.21.0 | |
| rocketchat | rocket.chat | 0.22.0 | |
| rocketchat | rocket.chat | 0.23.0 | |
| rocketchat | rocket.chat | 0.24.0 | |
| rocketchat | rocket.chat | 0.25.0 | |
| rocketchat | rocket.chat | 0.26.0 | |
| rocketchat | rocket.chat | 0.27.0 | |
| rocketchat | rocket.chat | 0.28.0 | |
| rocketchat | rocket.chat | 0.29.0 | |
| rocketchat | rocket.chat | 0.30.0 | |
| rocketchat | rocket.chat | 0.31.0 | |
| rocketchat | rocket.chat | 0.32.0 | |
| rocketchat | rocket.chat | 0.33.0 | |
| rocketchat | rocket.chat | 0.34.0 | |
| rocketchat | rocket.chat | 0.35.0 | |
| rocketchat | rocket.chat | 0.36.0 | |
| rocketchat | rocket.chat | 0.37.0 | |
| rocketchat | rocket.chat | 0.37.1 | |
| rocketchat | rocket.chat | 0.38.0 | |
| rocketchat | rocket.chat | 0.39.0 | |
| rocketchat | rocket.chat | 0.40.1 | |
| rocketchat | rocket.chat | 0.41.0 | |
| rocketchat | rocket.chat | 0.42.0 | |
| rocketchat | rocket.chat | 0.43.0 | |
| rocketchat | rocket.chat | 0.44.0 | |
| rocketchat | rocket.chat | 0.45.0 | |
| rocketchat | rocket.chat | 0.46.0 | |
| rocketchat | rocket.chat | 0.47.0 | |
| rocketchat | rocket.chat | 0.47.1 | |
| rocketchat | rocket.chat | 0.48.0 | |
| rocketchat | rocket.chat | 0.48.1 | |
| rocketchat | rocket.chat | 0.48.2 | |
| rocketchat | rocket.chat | 0.49.0 | |
| rocketchat | rocket.chat | 0.49.1 | |
| rocketchat | rocket.chat | 0.49.2 | |
| rocketchat | rocket.chat | 0.49.3 | |
| rocketchat | rocket.chat | 0.49.4 | |
| rocketchat | rocket.chat | 0.50.0 | |
| rocketchat | rocket.chat | 0.50.1 | |
| rocketchat | rocket.chat | 0.51.0 | |
| rocketchat | rocket.chat | 0.52.0 | |
| rocketchat | rocket.chat | 0.53.0 | |
| rocketchat | rocket.chat | 0.54.0 | |
| rocketchat | rocket.chat | 0.54.1 | |
| rocketchat | rocket.chat | 0.54.2 | |
| rocketchat | rocket.chat | 0.55.0 | |
| rocketchat | rocket.chat | 0.55.1 | |
| rocketchat | rocket.chat | 0.56.0 | |
| rocketchat | rocket.chat | 0.57.0 | |
| rocketchat | rocket.chat | 0.57.1 | |
| rocketchat | rocket.chat | 0.57.2 | |
References
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.