Mattermost Confluence Plugin HTML Injection Vulnerability Allowing Cross-Site Scripting
Vulnerability
A cross-site scripting vulnerability affects Mattermost Confluence plugin versions prior to 1.7.0. The plugin fails to properly escape user-controlled display names during HTML template rendering. An authenticated Confluence user with a malicious display name can therefore execute arbitrary JavaScript in the browsers of victims. Exploitation involves sending a crafted OAuth2 connection link that, when clicked, renders the attacker's unescaped display name and executes the embedded JavaScript.
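The class of bug described above, shown as an added Go example that is not the plugin's own code: the same display name rendered through `text/template` (no escaping) and through `html/template` (contextual escaping). The template text, the function names and the display name are constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	"strings"
	texttemplate "text/template"
)

// Hypothetical post-connection page; not the plugin's real template.
const connectedPage = `<p>Connected to Confluence as {{.DisplayName}}.</p>`

type pageData struct{ DisplayName string }

// renderUnescaped uses text/template, which copies the display name into
// the HTML verbatim, so markup in the name becomes markup in the page.
func renderUnescaped(name string) (string, error) {
	t, err := texttemplate.New("connected").Parse(connectedPage)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, pageData{DisplayName: name})
	return buf.String(), err
}

// renderEscaped uses html/template, which escapes the value for the HTML
// context it lands in, so the name is displayed as text.
func renderEscaped(name string) (string, error) {
	t, err := htmltemplate.New("connected").Parse(connectedPage)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, pageData{DisplayName: name})
	return buf.String(), err
}

// passesThroughMarkup reports whether a renderer emits a constructed tag unescaped.
func passesThroughMarkup(render func(string) (string, error)) bool {
	out, err := render(`Test User<script>alert(1)</script>`)
	return err == nil && strings.Contains(out, "<script>")
}

func main() {
	fmt.Println("text/template leaks markup:", passesThroughMarkup(renderUnescaped))
	fmt.Println("html/template leaks markup:", passesThroughMarkup(renderEscaped))
}
```

A check like `passesThroughMarkup` can run as a regression test against any handler that renders externally sourced profile fields.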
Impact
Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's browser.
Remediation
Users can update to Mattermost Confluence plugin version 1.7.0 or later to address this vulnerability.
