What is CVE-2022-23656?

CVE-2022-23656 is a cross-site scripting vulnerability in Zulip Server.

How does the vulnerability in CVE-2022-23656 affect Zulip?

The vulnerability in CVE-2022-23656 allows an attacker to craft a malicious full name and send messages to a topic in Zulip Server, leading to potential cross-site scripting attacks.

What is the severity of CVE-2022-23656?

The severity of CVE-2022-23656 is medium with a CVSS score of 5.4.

How can I fix the vulnerability in CVE-2022-23656?

To fix the vulnerability in CVE-2022-23656, it is recommended to update Zulip Server to a version after June 2021 and apply the necessary patches.

Vulnerability/
CVE-2022-23656

medium

5.4

CWE

2/3/2022

3/8/2024

CVE-2022-23656: Cross-site scripting vulnerability in Zulip Server

Q: Where can I find more information about CVE-2022-23656?

More information about CVE-2022-23656 can be found in the Zulip GitHub commit and security advisories: [GitHub Commit](https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321), [GitHub Security Advisories](https://github.com/zulip/zulip/security/advisories/GHSA-fc77-h3jc-6mfv).

First published: Wed Mar 02 2022(Updated: )

Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Zulip Zulip Server	>=2021-06-03<2022-03-01

Remedy

https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-23656?
CVE-2022-23656 is a cross-site scripting vulnerability in Zulip Server.
How does the vulnerability in CVE-2022-23656 affect Zulip?
The vulnerability in CVE-2022-23656 allows an attacker to craft a malicious full name and send messages to a topic in Zulip Server, leading to potential cross-site scripting attacks.
What is the severity of CVE-2022-23656?
The severity of CVE-2022-23656 is medium with a CVSS score of 5.4.
How can I fix the vulnerability in CVE-2022-23656?
To fix the vulnerability in CVE-2022-23656, it is recommended to update Zulip Server to a version after June 2021 and apply the necessary patches.
Where can I find more information about CVE-2022-23656?
More information about CVE-2022-23656 can be found in the Zulip GitHub commit and security advisories: [GitHub Commit](https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321), [GitHub Security Advisories](https://github.com/zulip/zulip/security/advisories/GHSA-fc77-h3jc-6mfv).

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/weakness
agent/last-modified-date
agent/title
agent/severity
agent/author
agent/tags
agent/description
agent/event
agent/first-publish-date
vendor/zulip
canonical/zulip zulip server
version/zulip zulip server/2021-06-03

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.