10 matches found
CVE-2024-36625
Zulip 8.3 is vulnerable to Cross Site Scripting XSS via the replaceemojiwithtext function in uiutil.ts...
CVE-2024-36624
Zulip 8.3 is vulnerable to Cross Site Scripting XSS via the constructcopydiv function in copyandpaste.js...
CVE-2024-36625
Zulip 8.3 is vulnerable to Cross Site Scripting XSS via the replaceemojiwithtext function in uiutil.ts...
CVE-2024-36624
Zulip 8.3 is vulnerable to Cross Site Scripting XSS via the constructcopydiv function in copyandpaste.js...
CVE-2024-36624
Zulip 8.3 is vulnerable to Cross Site Scripting XSS via the constructcopydiv function in copyandpaste.js...
CVE-2024-36624
CVE-2024-36624 affects Zulip 8.3 and is caused by the construct_copy_div function in copy_and_paste.js, enabling Cross-Site Scripting (XSS). The vulnerability is confirmed across multiple feeds (NVD, OSV, CVE list) with the same description. Practical impact is XSS via copying/pasting content thr...
CVE-2024-36625
Zulip 8.3 is vulnerable to Cross Site Scripting XSS via the replaceemojiwithtext function in uiutil.ts...
CVE-2024-36625
Zulip 8.3 is vulnerable to Cross-Site Scripting (XSS) through the replace_emoji_with_text function in ui_util.ts. The Red Hat, NVD, OSV, CIRCL, CNNVD, CVE.org, and PT Security entries consistently describe this XSS vector involving the emoji replacement logic, but do not provide a tested exploit ...
CVE-2024-36624
Zulip 8.3 is vulnerable to Cross Site Scripting XSS via the constructcopydiv function in copyandpaste.js...
CVE-2024-36625
Zulip 8.3 is vulnerable to Cross Site Scripting XSS via the replaceemojiwithtext function in uiutil.ts...