CVE-2025-13523 — Vulnetix

CVE-2025-13523 PUBLISHED CVSS 7.699999809265137 HIGH

Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557

EPSS 0.02% · 3.1th percentile

Risk Scores

CVSS v3.1

7.699999809265137

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS Score

0.02%

3.1th percentile

Affected Products

Vendor	Product	Versions
mattermost	confluence	1.0.0, 1.0.0
github.com	mattermost/mattermost-plugin-confluence	0, 0
Mattermost	Mattermost Confluence Plugin	1.7.0, 0, 1.7.0

Timeline

Feb 6, 2026 CVE Published
Feb 6, 2026 PoC Published
Feb 7, 2026 EPSS Score
Feb 9, 2026 EPSS Score
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 15, 2026 EPSS Score
Feb 18, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 24, 2026 EPSS Score
Feb 26, 2026 EPSS Score

References

https://mattermost.com/security-updates advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-13523 advisory
https://github.com/mattermost/mattermost-plugin-confluence package

Open in Interactive Console →