CVE-2024-36625

Name of the Vulnerable Software and Affected Versions Zulip version 8.3

Description The issue is related to Cross Site Scripting (XSS) via the replace emoji with text function in ui util.ts. This function is potentially vulnerable to XSS attacks.

Recommendations For Zulip version 8.3, consider disabling the replace emoji with text function in ui util.ts as a temporary workaround until a patch is available. Restrict access to the ui util.ts module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.