CVE-2024-46934 Information

Description

Rocket.Chat 6.12.0 6.11.2 6.10.5 6.9.6 6.8.6 6.7.8 and earlier is vulnerable to DOM-based Cross-site Scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload.

Reference

https://github.com/RocketChat/Rocket.Chat/pull/33246 https://docs.rocket.chat/docs/rocketchat-security-fixes-updates-and-advisories