[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-18907":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":48,"downstream":49,"duplicates":52,"related":53,"reserved_at":9,"published_at":55,"modified_at":56,"state":57,"summary":58,"references_raw":67,"kevs":107,"epss":108,"epss_history":111,"metrics":371,"affected":384},"CVE-2017-18907","An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46,47],"GHSA-42x9-rr3c-gr59","GO-2026-4459",[],[50],{"_key":51},"SUSE-SU-2026:0757-1",[],[54],{"_key":51},"2020-06-19T19:19:38.000Z","2024-08-05T21:37:44.314Z","Modified",{"cisa_kev":59,"cisa_ransomware":59,"cisa_vendor":9,"epss_severity":60,"epss_score":61,"severity":62,"severity_score":63,"severity_version":64,"severity_source":65,"severity_vector":66,"severity_status":57},false,"low",0.00359,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[68,75,81,86,90,94,99,103],{"url":69,"sources":70,"tags":72},"https://mattermost.com/security-updates/",[71,65],"cve.org",[73,74],"X Refsource CONFIRM","Vendor Advisory",{"url":76,"sources":77,"tags":79},"https://nvd.nist.gov/vuln/detail/CVE-2017-18907",[78],"osv_go",[80],"Advisory",{"url":82,"sources":83,"tags":84},"https://github.com/mattermost/mattermost/commit/312269ad0bd166174f07f9df7391fce714601600",[78],[85],"WEB",{"url":87,"sources":88,"tags":89},"https://github.com/mattermost/mattermost/commit/4519b03d95e8bfe1b2f74094673ae1a2f39f6b47",[78],[85],{"url":91,"sources":92,"tags":93},"https://github.com/mattermost/mattermost/commit/a18479df0940be8503c9b88993490741793eba9e",[78],[85],{"url":95,"sources":96,"tags":97},"https://github.com/mattermost/mattermost",[78],[98],"PACKAGE",{"url":100,"sources":101,"tags":102},"https://mattermost.com/security-updates",[78],[85],{"url":104,"sources":105,"tags":106},"https://github.com/advisories/GHSA-42x9-rr3c-gr59",[78],[80],[],{"date":109,"score":61,"percentile":110},"2026-06-05",0.58427,[112,115,118,121,124,127,130,133,136,139,142,145,147,150,153,156,159,162,165,168,171,174,177,180,182,185,188,191,194,197,200,203,206,209,212,215,218,221,224,227,230,233,236,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,295,298,301,304,307,310,313,316,318,321,324,326,329,332,334,337,339,342,344,347,350,352,354,357,360,362,365,368],{"date":113,"score":61,"percentile":114},"2025-11-04",0.57433,{"date":116,"score":61,"percentile":117},"2025-11-05",0.57413,{"date":119,"score":61,"percentile":120},"2025-11-06",0.57415,{"date":122,"score":61,"percentile":123},"2025-11-07",0.5743,{"date":125,"score":61,"percentile":126},"2025-11-08",0.57432,{"date":128,"score":61,"percentile":129},"2025-11-09",0.57421,{"date":131,"score":61,"percentile":132},"2025-11-10",0.57397,{"date":134,"score":61,"percentile":135},"2025-11-11",0.5741,{"date":137,"score":61,"percentile":138},"2025-11-12",0.57434,{"date":140,"score":61,"percentile":141},"2025-11-13",0.57439,{"date":143,"score":61,"percentile":144},"2025-11-14",0.57442,{"date":146,"score":61,"percentile":114},"2025-11-15",{"date":148,"score":61,"percentile":149},"2025-11-16",0.57417,{"date":151,"score":61,"percentile":152},"2025-11-17",0.57414,{"date":154,"score":61,"percentile":155},"2025-11-18",0.55281,{"date":157,"score":61,"percentile":158},"2025-11-19",0.55297,{"date":160,"score":61,"percentile":161},"2025-11-20",0.55286,{"date":163,"score":61,"percentile":164},"2025-11-21",0.57431,{"date":166,"score":61,"percentile":167},"2025-11-22",0.57427,{"date":169,"score":61,"percentile":170},"2025-11-23",0.574,{"date":172,"score":61,"percentile":173},"2025-11-24",0.57395,{"date":175,"score":61,"percentile":176},"2025-11-25",0.57398,{"date":178,"score":61,"percentile":179},"2025-11-26",0.57399,{"date":181,"score":61,"percentile":170},"2025-11-27",{"date":183,"score":61,"percentile":184},"2025-11-28",0.57373,{"date":186,"score":61,"percentile":187},"2025-11-29",0.57359,{"date":189,"score":61,"percentile":190},"2025-11-30",0.57354,{"date":192,"score":61,"percentile":193},"2025-12-01",0.5751,{"date":195,"score":61,"percentile":196},"2025-12-02",0.57526,{"date":198,"score":61,"percentile":199},"2025-12-03",0.57524,{"date":201,"score":61,"percentile":202},"2025-12-04",0.57352,{"date":204,"score":61,"percentile":205},"2025-12-05",0.57365,{"date":207,"score":61,"percentile":208},"2025-12-06",0.57364,{"date":210,"score":61,"percentile":211},"2025-12-07",0.57361,{"date":213,"score":61,"percentile":214},"2025-12-08",0.57362,{"date":216,"score":61,"percentile":217},"2025-12-09",0.57387,{"date":219,"score":61,"percentile":220},"2025-12-10",0.57441,{"date":222,"score":61,"percentile":223},"2025-12-11",0.57467,{"date":225,"score":61,"percentile":226},"2025-12-12",0.57491,{"date":228,"score":61,"percentile":229},"2025-12-13",0.57489,{"date":231,"score":61,"percentile":232},"2025-12-14",0.57492,{"date":234,"score":61,"percentile":235},"2025-12-15",0.57475,{"date":237,"score":61,"percentile":238},"2025-12-16",0.5749,{"date":240,"score":61,"percentile":241},"2025-12-17",0.57502,{"date":243,"score":61,"percentile":244},"2025-12-18",0.57538,{"date":246,"score":61,"percentile":247},"2025-12-19",0.57546,{"date":249,"score":61,"percentile":250},"2025-12-20",0.57544,{"date":252,"score":61,"percentile":253},"2025-12-21",0.57523,{"date":255,"score":61,"percentile":256},"2025-12-22",0.57506,{"date":258,"score":61,"percentile":259},"2025-12-23",0.57515,{"date":261,"score":61,"percentile":262},"2025-12-24",0.57528,{"date":264,"score":61,"percentile":265},"2025-12-25",0.57572,{"date":267,"score":61,"percentile":268},"2025-12-26",0.57567,{"date":270,"score":61,"percentile":271},"2025-12-27",0.57621,{"date":273,"score":61,"percentile":274},"2025-12-28",0.57539,{"date":276,"score":61,"percentile":277},"2025-12-29",0.57531,{"date":279,"score":61,"percentile":280},"2025-12-30",0.57532,{"date":282,"score":61,"percentile":283},"2025-12-31",0.57564,{"date":285,"score":61,"percentile":286},"2026-01-01",0.57736,{"date":288,"score":61,"percentile":289},"2026-01-02",0.57718,{"date":291,"score":61,"percentile":292},"2026-01-03",0.57715,{"date":294,"score":61,"percentile":274},"2026-01-04",{"date":296,"score":61,"percentile":297},"2026-01-05",0.57529,{"date":299,"score":61,"percentile":300},"2026-01-06",0.5754,{"date":302,"score":61,"percentile":303},"2026-01-07",0.57568,{"date":305,"score":61,"percentile":306},"2026-01-08",0.57589,{"date":308,"score":61,"percentile":309},"2026-01-09",0.57594,{"date":311,"score":61,"percentile":312},"2026-01-10",0.57591,{"date":314,"score":61,"percentile":315},"2026-01-11",0.57575,{"date":317,"score":61,"percentile":244},"2026-01-12",{"date":319,"score":61,"percentile":320},"2026-01-13",0.57518,{"date":322,"score":61,"percentile":323},"2026-01-14",0.57561,{"date":325,"score":61,"percentile":283},"2026-01-15",{"date":327,"score":61,"percentile":328},"2026-01-16",0.5759,{"date":330,"score":61,"percentile":331},"2026-01-17",0.57578,{"date":333,"score":61,"percentile":265},"2026-01-18",{"date":335,"score":61,"percentile":336},"2026-01-19",0.57559,{"date":338,"score":61,"percentile":283},"2026-01-20",{"date":340,"score":61,"percentile":341},"2026-01-21",0.5757,{"date":343,"score":61,"percentile":303},"2026-01-22",{"date":345,"score":61,"percentile":346},"2026-01-23",0.57606,{"date":348,"score":61,"percentile":349},"2026-01-24",0.57612,{"date":351,"score":61,"percentile":315},"2026-01-25",{"date":353,"score":61,"percentile":323},"2026-01-26",{"date":355,"score":61,"percentile":356},"2026-01-27",0.57573,{"date":358,"score":61,"percentile":359},"2026-01-28",0.5758,{"date":361,"score":61,"percentile":359},"2026-01-29",{"date":363,"score":61,"percentile":364},"2026-01-30",0.57579,{"date":366,"score":61,"percentile":367},"2026-01-31",0.57581,{"date":369,"score":61,"percentile":370},"2026-02-01",0.57726,[372,382],{"source":65,"cvss_v2_0":373,"cvss_v3_0":9,"cvss_v3_1":378,"cvss_v4_0":9},{"baseScore":374,"baseSeverity":9,"vectorString":375,"impactScore":376,"exploitabilityScore":377},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":63,"baseSeverity":379,"vectorString":66,"impactScore":380,"exploitabilityScore":381},"MEDIUM",4.5,7.2,{"source":78,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":383,"cvss_v4_0":9},{"baseScore":63,"baseSeverity":9,"vectorString":66,"impactScore":380,"exploitabilityScore":381},[385,407],{"ecosystem":386,"name":387,"vendor":388,"product":389,"cpe_part":9,"purl_type":390,"purl_namespace":388,"purl_name":389,"source":9,"versions":391},"Go","github.com/mattermost/mattermost-server","github.com/mattermost","mattermost-server","golang",[392,398,403],{"version":393,"is_range":394,"range_type":395,"version_start":9,"version_start_type":9,"version_end":396,"version_end_type":397,"fixed_in":9},"lt3_9_2_0_20170714014920_312269ad0bd1",true,"semver","3.9.2-0.20170714014920-312269ad0bd1","excluding",{"version":399,"is_range":394,"range_type":395,"version_start":400,"version_start_type":401,"version_end":402,"version_end_type":397,"fixed_in":9},"gte3_10_0_lt3_10_2","3.10.0","including","3.10.2",{"version":404,"is_range":394,"range_type":395,"version_start":405,"version_start_type":401,"version_end":406,"version_end_type":397,"fixed_in":9},"gte3_10_0+incompatible_lt3_10_2+incompatible","3.10.0+incompatible","3.10.2+incompatible",{"ecosystem":9,"name":408,"vendor":409,"product":410,"cpe_part":411,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":412},"mattermost server","mattermost","mattermost_server","a",[413,417],{"version":414,"is_range":394,"range_type":415,"version_start":9,"version_start_type":9,"version_end":416,"version_end_type":397,"fixed_in":9},"lt3.9.2","cpe","3.9.2",{"version":418,"is_range":394,"range_type":415,"version_start":400,"version_start_type":401,"version_end":402,"version_end_type":397,"fixed_in":9},"gte3.10.0_lt3.10.2"]