Filters
Versions
Zulip Zulip ServerZulip non-admins can invite new users to streams they would not otherwise be able to add existing users to
4.3
EPSS
0.05%
First published (updated )
Zulip Zulip ServerStream description leaks to ex-subscribers in Zulip
4.3
First published (updated )
Zulip Zulip ServerZulip vulnerable to insufficient authorization check for edition/deletion of messages and topics in private streams by former subscribers
6.5
First published (updated )
Zulip Zulip ServerCross-site scripting vulnerability in Zulip Server development branch via topic tooltip
8.2
First published (updated )
Zulip Zulip ServerUser uploads proxied from S3 lack `Content-Security-Policy` headers, may be served with `Content-Disposition: inline` in zulip
4.6
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip Zulip ServerNon-constant-time SCIM token comparison in Zulip Server
3.7
First published (updated )
Zulip Zulip ServerZulip Server public data export contains attachments that are non-public
4.9
First published (updated )
Zulip Zulip ServerCross-site scripting vulnerability in Zulip Server
5.4
First published (updated )
Zulip Zulip ServerMulti-use invitations can grant access to other organizations in Zulip
9.8
First published (updated )
Zulip Zulip ServerAn issue was discovered in Zulip Server before 3.4. A bug in the implementation of the all_public_st…
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip Zulip ServerAn issue was discovered in Zulip Server before 3.4. A bug in the implementation of the can_forge_sen…
4.3
First published (updated )
Zulip Zulip ServerAn issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to messag…
4.3
First published (updated )
Zulip Zulip ServerIn the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to mov…
First published (updated )
Zulip Zulip ServerZulip Server before 2.1.5 allows reverse tabnapping via a topic header link.
5.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip Zulip ServerZulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as a…
7.5
First published (updated )
Zulip Zulip ServerZulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip Zulip ServerThe image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redire…
6.1
First published (updated )
Zulip Zulip ServerIn Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that…
9.8
First published (updated )
Zulip Zulip ServerThe Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential…
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Zulip Zulip ServerIn Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation sy…
8.8
First published (updated )
Zulip Zulip ServerZulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only…
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.