3 matches found
CVE-2020-10935
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover...
CVE-2020-10935
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover...
CVE-2020-10935
Summary: CVE-2020-10935 affects Zulip Server prior to 2.1.3. The issue is a stored cross-site scripting (XSS) vulnerability in which JavaScript can be injected via a Markdown link in any channel stream due to insufficient input sanitization, potentially allowing an attacker to take over user acco...