Versio.io

CVE-2022-23656

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 02-03-2022 10:15
Last modified: - 09-03-2022 10:10
Total changes: - 3

Description

Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Low
Attack complexity
Network
Attack vector
None
Availability
Low
Confidentiality
Low
Integrity
Low
Privileges required
Changed
Scope
Required
User interaction
5.4
Base score
2.3
2.7
Exploitability score
Impact score
 

Verification logic

OR
vendor=zulip AND product=zulip_server AND versionStartIncluding=2021-06-03 AND versionEndExcluding=2022-03-01
 

Reference

 


Keywords

NVD

 

CVE-2022-23656

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.