Zulip: >> Zulip Server >> 2.0.7 Security Vulnerabilities
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
CVSS Score
8.8
EPSS Score
0.007
Published
2020-08-21
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-04-20
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-04-20
Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
CVSS Score
6.1
EPSS Score
0.004
Published
2020-04-20
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-12-18
Page 2