Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zulip zulip vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-9986
In Zulip Server versions prior to 1.7.2, there were XSS issues with the frontend markdown processor.
Zulip Zulip Server
4.3
CVSSv2
CVE-2018-9990
In Zulip Server versions prior to 1.7.2, there was an XSS issue with stream names in topic typeahead.
Zulip Zulip Server
3.5
CVSSv2
CVE-2018-9999
In Zulip Server versions prior to 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.
Zulip Zulip Server
1 Github repository
4
CVSSv2
CVE-2021-30487
In the topic moving API in Zulip Server 3.x prior to 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
Zulip Zulip Server
7.5
CVSSv2
CVE-2022-21706
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where...
Zulip Zulip Server
NA
CVE-2023-33186
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and ...
Zulip Zulip Server 7.0
NA
CVE-2023-22735
Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Secur...
Zulip Zulip Server 2023-01-09
2.1
CVSSv2
CVE-2019-10476
Jenkins Zulip Plugin 1.1.0 and previous versions stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system.
Jenkins Zulip
4.3
CVSSv2
CVE-2020-9443
Zulip Desktop prior to 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.
Zulipchat Zulip Desktop
4.3
CVSSv2
CVE-2020-24582
Zulip Desktop prior to 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
Zulipchat Zulip Desktop
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »