CVE-2021-37860 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2416 | mattermost | 5.38.2-1 | 5.39.0-1 | Low | Fixed |
| References |
|---|
https://mattermost.com/security-updates/ |