Vulmon
zulip zulip vulnerabilities and exploits
CVSSv2 score: 4.3
CVE-2018-9987
In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x prior to 1.7.2, there was an XSS issue with muting notifications.
Zulip Zulip Server
CVSSv2 score: 4.3
CVE-2018-9990
In Zulip Server versions prior to 1.7.2, there was an XSS issue with stream names in topic typeahead.
Zulip Zulip Server
CVSSv2 score: 4
CVE-2022-31134
Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to ad...
Zulip Zulip Server
CVSSv2 score: 4
CVE-2021-41115
Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organizatio...
Zulip Zulip
CVSSv2 score: 4
CVE-2021-30477
An issue exists in Zulip Server prior to 3.4. A bug in the implementation of replies to messages sent by outgoing webhooks to private streams meant that an outgoing webhook bot could be used to send messages to private streams that the user was not intended to be able to send mes...
Zulip Zulip Server
CVSSv2 score: 4
CVE-2021-30478
An issue exists in Zulip Server prior to 3.4. A bug in the implementation of the can_forge_sender permission (previously is_api_super_user) resulted in users with this permission being able to send messages appearing as if sent by a system bot, including to other organizations ho...
Zulip Zulip Server
CVSSv2 score: 4
CVE-2021-30487
In the topic moving API in Zulip Server 3.x prior to 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
Zulip Zulip Server
CVSSv2 score: 4
CVE-2019-16215
The Markdown parser in Zulip server prior to 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing ...
Zulip Zulip Server
CVSSv2 score: 4
CVE-2017-0910
In Zulip Server prior to 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
Zulip Zulip Server
CVSSv2 score: 4
CVE-2017-0896
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organization was configured to...
Zulip Zulip Server 1.3.11
Zulip Zulip Server 1.3.2
Zulip Zulip Server 1.3.8
Zulip Zulip Server 1.3.1
Zulip Zulip Server 1.4.0
Zulip Zulip Server 1.3.3
Zulip Zulip Server 1.3.12
Zulip Zulip Server 1.3.10
Zulip Zulip Server 1.3.6
Zulip Zulip Server 1.4.2
Zulip Zulip Server 1.3.7
Zulip Zulip Server 1.5.1
Zulip Zulip Server 1.4.3
Zulip Zulip Server 1.3.0
Zulip Zulip Server 1.3.4
Zulip Zulip Server 1.5.0
Zulip Zulip Server 1.3.13
Zulip Zulip Server 1.4.1
Zulip Zulip Server 1.3.9