13 matches found
CVE-2022-23656
Zulip is an open source team chat app. The main development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several...
EUVD-2017-1249
Malware in sbrugna...
EUVD-2017-1253
Malware in sbrugna...
EUVD-2025-8854
Malicious code in bioql PyPI...
EUVD-2024-52989
Malicious code in bioql PyPI...
CVE-2025-52559
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting XSS vulnerability in both topi...
CVE-2025-52559 Zulip XSS in digest preview URL
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting XSS vulnerability in both topi...
CVE-2019-19775
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users...
CVE-2022-21706
Zulip is an open-source team collaboration tool with topic-based threading. Zulip Server version 2.0.0 and above are vulnerable to insufficient access control with multi-use invitations. A Zulip Server deployment which hosts multiple organizations is vulnerable to an attack where an invitation...
CVE-2022-36048 IP address leak via image proxy bypass in Zulip Server
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL...
PT-2022-23141 · Unknown · Zulip Server
Name of the Vulnerable Software and Affected Versions: Zulip Server versions prior to 5.6 Description: The issue arises when displaying messages with embedded remote images. Normally, Zulip loads the image preview via a go-camo proxy server. However, an attacker who can send messages could includ...
Unspecified vulnerability in Zulip server (CNVD-2021-39546)
Zulip server is an open source team chat application from the American company Zulip. A security vulnerability exists in version 3.x prior to Zulip Server 3.4, which stems from the ability of an organization administrator to move messages to streams in other organizations hosted by the same Zulip...
Zulip server cross-site scripting vulnerability (CNVD-2021-10499)
Zulip server is an open source team chat application from the American company Zulip. A cross-site scripting vulnerability exists in Zulip server versions prior to 2.0.5. The vulnerability stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit this...