cvedb.io
CVE-2022-1002
LOW · CVSS 2
EPSS exploitation probability: 0%
Published 2022-03-18T18:15:12.067 · Last modified 2026-06-17T04:21:37.640

Summary

Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.

Affected products

mattermost — mattermost

Does this affect you?

Add your gear to cvedb and we'll alert you only when mattermost ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.