First published: Fri Aug 21 2020
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zulip Zulip Server | <2.1.5 | |
CVE-2020-12759 is a vulnerability in Zulip Server that allows reflected XSS via the Dropbox webhook.
CVE-2020-12759 has a severity level of medium.
CVE-2020-12759 affects Zulip Server versions before 2.1.5.
To fix CVE-2020-12759, you should update Zulip Server to version 2.1.5 or higher.
You can find more information about CVE-2020-12759 in the reference provided: https://blog.zulip.com/2020/06/17/zulip-server-2-1-5-security-release/