CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Mattermost: >> Confluence >> 1.5.0 Security Vulnerabilities

CVE-2025-13523

Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557

CVSS Score

7.7

EPSS Score

0.0

Published

2026-02-06

Page 1

Vulnerabilities

Vulnerable Software

Mattermost: >> Confluence >> 1.5.0 Security Vulnerabilities

Products

Pricing

Contact Us