Rocket.Chat fixed a persistent XSS found by our researcher Igor Sak-Sakovskiy. The vulnerability was triggered by sending a text message, resulting in an arbitrary file read or RCE on the recipients desktop system. https://hackerone.com/reports/1014459 969 views14:25