Vulmon
zulip zulip vulnerabilities and exploits
5
CVSSv2
CVE-2021-43799
Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server before 4.9, the initial installation (until first reboot, or restart of RabbitMQ) does not successfully limit the default ports which RabbitMQ...
Zulip Zulip
5
CVSSv2
CVE-2021-43791
Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitations were not enforced properly in the new account registration flow. A confirma...
Zulip Zulip
5
CVSSv2
CVE-2021-30479
An issue exists in Zulip Server prior to 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.
Zulip Zulip Server
5
CVSSv2
CVE-2020-10858
Zulip Desktop prior to 5.0.0 allows malicious users to perform recording via the webcam and microphone due to a missing permission request handler.
Zulip Zulip Desktop
5
CVSSv2
CVE-2020-14215
Zulip Server prior to 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.
Zulip Zulip Server
4.3
CVSSv2
CVE-2020-24582
Zulip Desktop prior to 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
Zulipchat Zulip Desktop
4.3
CVSSv2
CVE-2020-12759
Zulip Server prior to 2.1.5 allows reflected XSS via the Dropbox webhook.
Zulip Zulip Server
4.3
CVSSv2
CVE-2020-9445
Zulip Server prior to 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
Zulip Zulip Server
4.3
CVSSv2
CVE-2020-9443
Zulip Desktop prior to 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.
Zulipchat Zulip Desktop
4.3
CVSSv2
CVE-2018-9986
In Zulip Server versions prior to 1.7.2, there were XSS issues with the frontend markdown processor.
Zulip Zulip Server