Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated crash the application via calling {{window.open('javascript:alert()');}}. Mattermost Advisory ID: MMSA-2026-00618
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HMattermost Desktop
APPMattermost≤ 5.4.13.06.0.0 – 6.0.16.1.0 – 6.2.0 (bez)
Powiązane podatności
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injectio...
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.
Mattermost Desktop App versions <=6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Matt...
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code ...
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during ac...