Zulip Server
CVE-2019-16216
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself.
AnalysisAI
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself. Affected products include: Zulip Zulip Server. Version information: before 2.0.5.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Zulip Server
View allZulip is an open-source team collaboration tool with topic-based threading. Rated critical severity (CVSS 9.8), this vul
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registere
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. Rated medium severity (CVSS 5
In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authori
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres
Zulip is an open-source team collaboration tool. Rated high severity (CVSS 8.2), this vulnerability is remotely exploita
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers. Rated high severity (CVSS 7.5),
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrato
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zuli
Zulip is an open-source team collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploi
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium se
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today