{"id":"CVE-2025-13523","details":"Mattermost Confluence plugin versions \u003c1.7.0 fail to properly escape user-controlled display names during HTML template rendering, which allows an authenticated Confluence user with a malicious display name to execute arbitrary JavaScript in victim browsers by sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557","aliases":["GHSA-ffx7-34p2-vm3w","GO-2026-4456"],"modified":"2026-03-12T17:36:33.665413Z","published":"2026-02-06T16:16:13.370Z","related":["SUSE-SU-2026:0757-1"],"references":[{"type":"ADVISORY","url":"https://mattermost.com/security-updates"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"1.0.0"},{"fixed":"1.7.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13523.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}