ZulipchatCVEs & Vulnerabilities
3 CVEs affecting Zulipchat products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
3 CVEs→ All vendors
Most Affected Products
zulip desktop 3
CVE-2020-24582MEDIUM
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
10 Sep 2020
6.1
CVSS
CVE-2020-12637CRITICAL
Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option.
9 May 2020
9.8
CVSS
CVE-2020-9443MEDIUM
Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.
18 Mar 2020
6.1
CVSS
← PrevPage 1 / 1Next →