Vulnerabilities > Zulip > Low

DATE CVE VULNERABILITY TITLE RISK
2023-05-19 CVE-2023-28623 Missing Authorization vulnerability in Zulip
Zulip is an open-source team collaboration tool with unique topic-based threading.
network
high complexity
zulip CWE-862
3.7
2023-05-19 CVE-2023-32677 Missing Authorization vulnerability in Zulip
Zulip is an open-source team collaboration tool with unique topic-based threading.
network
high complexity
zulip CWE-862
3.1
2022-11-16 CVE-2022-41914 Information Exposure Through Discrepancy vulnerability in Zulip Server
Zulip is an open-source team collaboration tool.
network
high complexity
zulip CWE-203
3.7
2022-06-25 CVE-2022-31017 Always-Incorrect Control Flow Implementation vulnerability in Zulip
Zulip is an open-source team collaboration tool.
network
high complexity
zulip CWE-670
2.1
2022-03-02 CVE-2022-23656 Cross-site Scripting vulnerability in Zulip Server
Zulip is an open source team chat app.
network
zulip CWE-79
3.5
2022-01-20 CVE-2021-3866 Cross-site Scripting vulnerability in Zulip
Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.
network
zulip CWE-79
3.5
2020-04-20 CVE-2020-10935 Cross-site Scripting vulnerability in Zulip Server
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
network
zulip CWE-79
3.5
2019-09-18 CVE-2019-16216 Cross-site Scripting vulnerability in Zulip Server
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files.
network
zulip CWE-79
3.5
2018-04-18 CVE-2018-9999 Cross-site Scripting vulnerability in Zulip Server
In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.
network
zulip CWE-79
3.5