Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zulip zulip vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-12759
Zulip Server prior to 2.1.5 allows reflected XSS via the Dropbox webhook.
Zulip Zulip Server
6.1
CVSSv3
CVE-2020-9444
Zulip Server prior to 2.1.3 allows reverse tabnabbing via the Markdown functionality.
Zulip Zulip Server
6.1
CVSSv3
CVE-2020-9445
Zulip Server prior to 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
Zulip Zulip Server
6.1
CVSSv3
CVE-2020-9443
Zulip Desktop prior to 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.
Zulipchat Zulip Desktop
6.1
CVSSv3
CVE-2019-19775
The image thumbnailing handler in Zulip Server versions 1.9.0 to prior to 2.0.8 allowed an open redirect that was visible to logged-in users.
Zulip Zulip Server
2 Github repositories
6.1
CVSSv3
CVE-2018-9986
In Zulip Server versions prior to 1.7.2, there were XSS issues with the frontend markdown processor.
Zulip Zulip Server
6.1
CVSSv3
CVE-2018-9987
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x prior to 1.7.2, there was an XSS issue with muting notifications.
Zulip Zulip Server
6.1
CVSSv3
CVE-2018-9990
In Zulip Server versions prior to 1.7.2, there was an XSS issue with stream names in topic typeahead.
Zulip Zulip Server
5.7
CVSSv3
CVE-2022-35962
Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in versio...
Zulip Zulip
5.4
CVSSv3
CVE-2022-23656
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a ...
Zulip Zulip Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »