PT-2022-10745 · Zulip · Zulip
Abdul Muhaimin
·
Published
2022-01-20
·
Updated
2022-02-03
·
CVE-2021-3866
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
zulip/zulip versions 44f935695d452cc3fb16845a0c6af710438b153d through 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6
Description
The issue is related to Cross-site Scripting (XSS) - Stored, which affects the GitHub repository zulip/zulip. This type of attack occurs when an application stores user input that contains malicious scripts, which are then executed by the application, allowing an attacker to perform unauthorized actions.
Recommendations
For versions 44f935695d452cc3fb16845a0c6af710438b153d through 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6, update to a version after 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6 to resolve the issue.
As a temporary workaround, consider restricting user input to prevent the storage of malicious scripts until a patch is available.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zulip