Vulnerabilities > Zulip > Zulip Server > 2.1.4

DATE CVE VULNERABILITY TITLE RISK
2020-08-21 CVE-2020-14194 Improper Privilege Management vulnerability in Zulip Server
Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.
network
low complexity
zulip CWE-269
5.4
5.4
2020-08-21 CVE-2020-12759 Cross-site Scripting vulnerability in Zulip Server
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.
network
low complexity
zulip CWE-79
6.1
6.1