Vulnerabilities > Zulip > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-20 CVE-2021-3866 Cross-site Scripting vulnerability in Zulip
Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.
network
low complexity
zulip CWE-79
5.4
2021-12-02 CVE-2021-43791 Insufficient Session Expiration vulnerability in Zulip
Zulip is an open source group chat application that combines real-time chat with threaded conversations.
network
low complexity
zulip CWE-613
5.3
2021-10-07 CVE-2021-41115 Unspecified vulnerability in Zulip
Zulip is an open source team chat server.
network
low complexity
zulip
6.5
2021-04-15 CVE-2021-30479 Improper Privilege Management vulnerability in Zulip Server
An issue was discovered in Zulip Server before 3.4.
network
low complexity
zulip CWE-269
5.3
2021-04-15 CVE-2021-30478 Improper Privilege Management vulnerability in Zulip Server
An issue was discovered in Zulip Server before 3.4.
network
low complexity
zulip CWE-269
4.3
2021-04-15 CVE-2021-30477 Unspecified vulnerability in Zulip Server
An issue was discovered in Zulip Server before 3.4.
network
low complexity
zulip
4.3
2021-02-05 CVE-2020-10858 Missing Authorization vulnerability in Zulip Desktop
Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler.
network
low complexity
zulip CWE-862
5.3
2020-08-21 CVE-2020-14194 Improper Privilege Management vulnerability in Zulip Server
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.
network
low complexity
zulip CWE-269
5.4
2020-08-21 CVE-2020-12759 Cross-site Scripting vulnerability in Zulip Server
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.
network
low complexity
zulip CWE-79
6.1
2020-04-20 CVE-2020-9445 Cross-site Scripting vulnerability in Zulip Server
Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
network
low complexity
zulip CWE-79
6.1