Lucene search
K

6 matches found

CVE
CVE
added 2022/02/26 11:0 p.m.101 views

CVE-2021-3967

CVE-2021-3967 affects zulip/zulip prior to 4.10. The issue is an improper access-control vulnerability where an endpoint intended to protect API key handling allows regenerating an authenticated user’s API key without re-authentication, enabling an attacker with a valid session to obtain the key....

8.8CVSS6.4AI score0.00825EPSS
Exploits1References2Affected Software1
Huntr
Huntr
added 2022/02/15 9:21 a.m.33 views

Improper Access Control in zulip/zulip

Description According to the current design of the application, when the user wants to get value of apikey, API /json/fetchapikey will require password to authentication. However, the application exists another API routed at /json/users/me/apikey/regenerate that allows regenerating apikey value a...

6.5CVSS0.1AI score0.00825EPSS
Exploits1
OSV
OSV
added 2022/01/20 11:15 a.m.22 views

CVE-2021-3866

Cross-site Scripting XSS - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6...

5.4CVSS6AI score0.0089EPSS
Exploits1References3
NVD
NVD
added 2022/01/20 11:15 a.m.18 views

CVE-2021-3866

Cross-site Scripting XSS - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6...

6.8CVSS0.0089EPSS
Exploits1References3
Prion
Prion
added 2022/01/20 11:15 a.m.20 views

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6...

3.5CVSS5.3AI score0.0089EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/01/20 10:30 a.m.19 views

CVE-2021-3866 Cross-site Scripting (XSS) - Stored in zulip/zulip

Cross-site Scripting XSS - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6...

6.8CVSS5.6AI score0.0089EPSS
Exploits1References3
Rows per page
Query Builder