6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.0%
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
blog.zulip.com/2020/09/10/zulip-desktop-5-4-3-security-release/