CVE-2020-9445: XSS
First published: Mon Apr 20 2020(Updated: )
Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zulip Server | <2.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Zulip Server vulnerability?
The vulnerability ID for this Zulip Server vulnerability is CVE-2020-9445.
What is the title of this Zulip Server vulnerability?
The title of this Zulip Server vulnerability is 'Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.'
What is the severity of CVE-2020-9445?
The severity of CVE-2020-9445 is medium with a CVSS score of 6.1.
How does CVE-2020-9445 impact Zulip Server?
CVE-2020-9445 allows cross-site scripting (XSS) attacks via the modal_link feature in the Markdown functionality of Zulip Server version before 2.1.3.
How can I fix CVE-2020-9445 in Zulip Server?
To fix CVE-2020-9445 in Zulip Server, you need to upgrade to version 2.1.3 or later.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zulip
- canonical/zulip server