Rocket.Chat: Stored XSS Vulnerability in Electron Desktop Application

In Rocket.Chat Electron desktop application versions through 6.3.4 a low severity vulnerability CVE-2024-45621 was detected. This vulnerability allows attackers to execute stored XSS via links in an uploaded file. The issue arises from the failure to use a separate browser when encountering third-party external actions from PDF documents. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45621.