Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

NVD
NVDadded 2023/02/07 7:15 p.m.10 views

CVE-2023-22735

Zulip is an open-source team collaboration tool. In versions of zulip prior to commit 2f6c5a8 but after commit 04cf68b users could upload files with arbitrary Content-Type which would be served from the Zulip hostname with Content-Disposition: inline and no Content-Security-Policy header, allowin...

4.6CVSS4.8AI score0.00515EPSS
Exploits0References4
CVE
CVEadded 2023/02/07 6:48 p.m.61 views

CVE-2023-22735

CVE-2023-22735 affects Zulip: prior to commit 2f6c5a8 but after 04cf68b, files uploaded with arbitrary Content-Type could be served from the Zulip hostname with Content-Disposition: inline and without a Content-Security-Policy header, enabling execution of arbitrary JavaScript in the Zulip contex...

4.6CVSS4.8AI score0.00515EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder