Vulnerabilities > Zulip > Zulip Server > Low

DATE CVE VULNERABILITY TITLE RISK
2022-11-16 CVE-2022-41914 Information Exposure Through Discrepancy vulnerability in Zulip Server
Zulip is an open-source team collaboration tool.
network
high complexity
zulip CWE-203
3.7
3.7
2022-03-02 CVE-2022-23656 Cross-site Scripting vulnerability in Zulip Server
Zulip is an open source team chat app.
network
zulip CWE-79
3.5
3.5
2020-04-20 CVE-2020-10935 Cross-site Scripting vulnerability in Zulip Server
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
network
zulip CWE-79
3.5
3.5
2019-09-18 CVE-2019-16216 Cross-site Scripting vulnerability in Zulip Server
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files.
network
zulip CWE-79
3.5
3.5
2018-04-18 CVE-2018-9999 Cross-site Scripting vulnerability in Zulip Server
In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.
network
zulip CWE-79
3.5
3.5