{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T20:15:10.813","vulnerabilities":[{"cve":{"id":"CVE-2025-13523","sourceIdentifier":"responsibledisclosure@mattermost.com","published":"2026-02-06T16:16:13.370","lastModified":"2026-02-24T21:17:01.753","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557"},{"lang":"es","value":"El plugin de Mattermost Confluence versión <1.7.0 no logra escapar correctamente los nombres de visualización controlados por el usuario en la renderización de plantillas HTML, lo que permite a usuarios autenticados de Confluence con nombres de visualización maliciosos ejecutar JavaScript arbitrario en los navegadores de las víctimas mediante el envío de un enlace de conexión OAuth2 especialmente diseñado que, al ser visitado, renderiza el nombre de visualización del atacante sin la sanitización adecuada. \nID de Aviso de Mattermost: MMSA-2025-00557"}],"metrics":{"cvssMetricV31":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"responsibledisclosure@mattermost.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mattermost:confluence:*:*:*:*:*:mattermost:*:*","versionStartIncluding":"1.0.0","versionEndExcluding":"1.7.0","matchCriteriaId":"FB44BA2C-F5F8-4EC2-BC65-49A9F498780E"}]}]}],"references":[{"url":"https://mattermost.com/security-updates","source":"responsibledisclosure@mattermost.com","tags":["Vendor Advisory"]}]}}]}