Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topic names and channel names. This issue has been fixed in Zulip Server 10.4. A workaround for this issue involves denying access to /digest/.
Analysis
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topic names and channel names. This issue has been fixed in Zulip Server 10.4. A workaround for this issue involves denying access to /digest/.
Technical ContextAI
Cross-site scripting (XSS) allows injection of client-side scripts into web pages viewed by other users due to insufficient output encoding.
RemediationAI
A vendor patch is available — apply it immediately. Encode all user-supplied output contextually (HTML, JS, URL). Implement Content Security Policy (CSP) headers. Use HTTPOnly and Secure cookie flags.
More in Zulip Server
View allZulip is an open-source team collaboration tool with topic-based threading. Rated critical severity (CVSS 9.8), this vul
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registere
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. Rated medium severity (CVSS 5
In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authori
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres
Zulip is an open-source team collaboration tool. Rated high severity (CVSS 8.2), this vulnerability is remotely exploita
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers. Rated high severity (CVSS 7.5),
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrato
Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zuli
Zulip is an open-source team collaboration tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploi
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium se
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. Rated
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allVendor StatusVendor
Debian
Bug #800052| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| open | - | - |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19763