CVE-2025-13523 - CERT CVE

  1. CVE-2025-13523

ID CVE-2025-13523
Sažetak Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557
Reference
CVSS
Base: 7.7
Impact: 5.8
Exploitability:1.3
Pristup
VektorSloženostAutentikacija
NETWORK HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH NONE
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Zadnje važnije ažuriranje 24-02-2026 - 21:17
Objavljeno 06-02-2026 - 16:16