6 matches found
CVE-2021-3967
CVE-2021-3967 affects zulip/zulip prior to 4.10. The issue is an improper access-control vulnerability where an endpoint intended to protect API key handling allows regenerating an authenticated user’s API key without re-authentication, enabling an attacker with a valid session to obtain the key....
Improper Access Control in zulip/zulip
Description According to the current design of the application, when the user wants to get value of apikey, API /json/fetchapikey will require password to authentication. However, the application exists another API routed at /json/users/me/apikey/regenerate that allows regenerating apikey value a...
CVE-2021-3866
Cross-site Scripting XSS - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6...
CVE-2021-3866
Cross-site Scripting XSS - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6...
CVE-2021-3866 Cross-site Scripting (XSS) - Stored in zulip/zulip
Cross-site Scripting XSS - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6...