{
  "affected": [
    {
      "database_specific": {
        "unresolved_ranges": [
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "6.12.0-rc1"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "6.12.0-rc2"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "6.12.0-rc3"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "6.12.0-rc4"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "6.12.0-rc5"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "6.12.0-rc6"
              }
            ]
          }
        ]
      },
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "6.7.9"
              },
              {
                "introduced": "6.8.0"
              },
              {
                "fixed": "6.8.7"
              },
              {
                "introduced": "6.9.0"
              },
              {
                "fixed": "6.9.7"
              },
              {
                "introduced": "6.10.0"
              },
              {
                "fixed": "6.10.6"
              },
              {
                "introduced": "6.11.0"
              },
              {
                "fixed": "6.11.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "6.12.0-NA"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "f31f31ef96e54751f0e7ba45eb70457ae83df798"
            },
            {
              "introduced": "87005cbff2c8a2a5b066991de94e680b82f6590c"
            },
            {
              "fixed": "9f4a610672ab2bd7e228e27567a1e1da0cf6c6eb"
            },
            {
              "introduced": "3b820dcd208302b880dfea14b26962e8c63a87ce"
            },
            {
              "fixed": "ec179e79d45766ae28743e288cb0d72dcd0f97cf"
            },
            {
              "introduced": "623a265851c5eea52c293ddd2fee6a549a5eae87"
            },
            {
              "fixed": "b0bb7f0d0bf1026b7f9cf500833b018af70a7222"
            },
            {
              "introduced": "640d569eeb0ea4e46b8525b84b27d56fab661a41"
            },
            {
              "fixed": "536884c6522a5f75d5faddd7ab65d1e6a19a7f43"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "ecff0a61cc9dce7597743799da098629ad9a088d"
            }
          ],
          "repo": "https://github.com/rocketchat/rocket.chat",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Rocket.Chat versions 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier are vulnerable to DOM-based cross-site scripting (XSS). Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload.",
  "id": "CVE-2024-46934",
  "modified": "2026-03-10T21:52:15.395562842Z",
  "published": "2024-09-25T01:15:44.597Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://docs.rocket.chat/docs/rocketchat-security-fixes-updates-and-advisories"
    },
    {
      "type": "FIX",
      "url": "https://github.com/RocketChat/Rocket.Chat/pull/33246"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}