Skip to main content

Zulip Desktop

3 CVEs product

Monthly

CVE-2020-24582 MEDIUM This Month

Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Desktop
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-12637 CRITICAL Act Now

Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zulip Desktop
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2020-9443 MEDIUM This Month

Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Desktop
NVD
CVSS 3.1
6.1
EPSS
0.6%
EPSS 1% CVSS 6.1
MEDIUM This Month

Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Desktop
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zulip Desktop
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zulip Desktop
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy