Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zulip vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-9986
In Zulip Server versions prior to 1.7.2, there were XSS issues with the frontend markdown processor.
Zulip Zulip Server
3.5
CVSSv2
CVE-2022-23656
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a ...
Zulip Zulip Server
5.8
CVSSv2
CVE-2020-9444
Zulip Server prior to 2.1.3 allows reverse tabnabbing via the Markdown functionality.
Zulip Zulip Server
3.5
CVSSv2
CVE-2019-16216
Zulip server prior to 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads ...
Zulip Zulip Server
4
CVSSv2
CVE-2019-16215
The Markdown parser in Zulip server prior to 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing ...
Zulip Zulip Server
4
CVSSv2
CVE-2017-0881
An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server prior to 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from an existing member to ...
Zulip Zulip Server
4
CVSSv2
CVE-2017-0910
In Zulip Server prior to 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm.
Zulip Zulip Server
4.3
CVSSv2
CVE-2020-9445
Zulip Server prior to 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
Zulip Zulip Server
5.8
CVSSv2
CVE-2019-19775
The image thumbnailing handler in Zulip Server versions 1.9.0 to prior to 2.0.8 allowed an open redirect that was visible to logged-in users.
Zulip Zulip Server
2 Github repositories
7.5
CVSSv2
CVE-2019-18933
In Zulip Server versions from 1.7.0 to prior to 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal...
Zulip Zulip Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »