CVE-2021-37860 - log

CVE-2021-37860 edited at 22 Sep 2021 18:43:46
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site scripting
Description
+ Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP.
References
+ https://mattermost.com/security-updates/
Notes
CVE-2021-37860 created at 22 Sep 2021 18:42:56