{"id":"CVE-2021-37859","details":"Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.","modified":"2026-03-14T11:04:36.219849Z","published":"2021-08-05T20:15:09.533Z","references":[{"type":"ADVISORY","url":"https://mattermost.com/security-updates/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mattermost/mattermost-server","events":[{"introduced":"0408a9699e5822238844993166bed36cd91ebb6c"},{"fixed":"c310cd8dd511b53cf59142c66dae40a02efb49d8"},{"introduced":"c59c309bbbd56564f44ae34af6e7b1fa9b7f5b29"},{"fixed":"ea897899bebc97fb2e7063d61f04b21905e47c6a"},{"introduced":"ab85b70be324433456ebdfc0fd6d132da71cff7e"},{"fixed":"5c18142f0f33cf0133ae11bd1240e20e49d28678"}],"database_specific":{"versions":[{"introduced":"5.32.0"},{"fixed":"5.34.5"},{"introduced":"5.35.0"},{"fixed":"5.35.4"},{"introduced":"5.36.0"},{"fixed":"5.36.1"}]}}],"versions":["v5.35.0","v5.35.1","v5.35.2","v5.35.3","v5.36.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37859.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}