Zulip · Zulip Server · CVE-2018-9990
**Name of the Vulnerable Software and Affected Versions**
Zulip Server versions prior to 1.7.2
**Description**
The issue is related to an XSS problem with stream names in topic typeahead.
**Recommendations**
For versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue.