CVE-2018-9999
CVE-2018-9999 affects Zulip Server prior to 1.7.2. The issue is an XSS vulnerability triggered by user uploads when using the default LOCAL_UPLOADS_DIR storage backend. The connected sources confirm this is a cross-site scripting flaw in versions