Zulip Server 2.1.2: Security Vulnerabilities
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-08-21
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
CVSS Score: 8.8 | EPSS Score: 0.007 | Published: 2020-08-21
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2020-04-20
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2020-04-20
Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2020-04-20

