Vulnerabilities > Zulip > Zulip Server > 2.0.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-08-21 | CVE-2020-12759 | Cross-site Scripting vulnerability in Zulip Server Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. | 6.1 |
2020-04-20 | CVE-2020-9445 | Cross-site Scripting vulnerability in Zulip Server Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality. | 6.1 |
2020-04-20 | CVE-2020-9444 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Zulip Server Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality. | 6.1 |
2020-04-20 | CVE-2020-10935 | Cross-site Scripting vulnerability in Zulip Server Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. | 5.4 |
2019-12-18 | CVE-2019-19775 | Open Redirect vulnerability in Zulip Server The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. | 6.1 |
2019-11-21 | CVE-2019-18933 | Unspecified vulnerability in Zulip Server In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authentication could have their personal API key stolen by an unprivileged attacker, allowing nearly full access to the user's account. | 9.8 |