Dropbox · Dropbox · CVE-2020-12759
**Name of the Vulnerable Software and Affected Versions**
Zulip Server versions prior to 2.1.5
**Description**
The issue allows for reflected XSS via the Dropbox webhook.
**Recommendations**
For versions prior to 2.1.5, update to version 2.1.5 or later to resolve the issue.