2 matches found
CVE-2022-23656
Zulip Server (main branch, from June 2021 onward) is vulnerable to a cross-site scripting (XSS) issue on the recent topics page. The vulnerability arises from insufficient validation of client-side data, allowing an attacker to craft a malicious full name and trigger JavaScript execution when a v...
CVE-2022-23656 Cross-site scripting vulnerability in Zulip Server
Zulip is an open source team chat app. The main development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several...