Vulnerabilities > Zulipchat > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-10 | CVE-2020-24582 | Cross-site Scripting vulnerability in Zulipchat Zulip Desktop Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. | 6.1 |
| 2020-03-18 | CVE-2020-9443 | Cross-site Scripting vulnerability in Zulipchat Zulip Desktop Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. | 6.1 |