Zulip / Zulip Server

6 matches found

CVE | added 2022/03/02 9:15 p.m. | 555 views

CVE-2022-23656

Zulip is an open source team chat app. The main development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several pa...

CVSS 5.4 | AI score 5.1 | EPSS 0.00302

CVE | added 2018/04/18 8:29 a.m. | 124 views

CVE-2018-9999

In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.

CVSS 5.4 | AI score 5.2 | EPSS 0.00655

CVE | added 2021/04/15 12:15 a.m. | 46 views

CVE-2021-30479

An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_streams API feature resulted in guest users being able to receive message traffic to public streams that should have been only accessible to members of the organization.

CVSS 5.3 | AI score 5.3 | EPSS 0.00203

CVE | added 2020/08/21 5:15 a.m. | 43 views

CVE-2020-14194

Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.

CVSS 5.8 | AI score 5.4 | EPSS 0.00197

CVE | added 2020/04/20 8:15 p.m. | 37 views

CVE-2020-10935

Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.

CVSS 5.4 | AI score 5.1 | EPSS 0.00302

CVE | added 2019/09/18 12:15 p.m. | 28 views

CVE-2019-16216

Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack i...

CVSS 5.4 | AI score 5.2 | EPSS 0.00302