Home
LOW: 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:NDefault status
unaffected
11.5.0 (semver)
affected
10.11.0 (semver)
affected
11.6.0
unaffected
11.5.2
unaffected
10.11.14
unaffected
Description
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit some site configuration to execute some malicious code via injecting some JS as part of those values.. Mattermost Advisory ID: MMSA-2026-00622
Problem types
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Product status
11.5.0 (semver)
10.11.0 (semver)
11.6.0
11.5.2
10.11.14
Credits
shoodagiri
References
mattermost.com/security-updates (MMSA-2026-00622)