Zulip 8.3 vulnerable to Cross Site Scripting (XSS)
CVE-2024-36624
Currently unrated
What is CVE-2024-36624?
The Zulip messaging platform version 8.3 contains a vulnerability that enables Cross Site Scripting (XSS) through the construct_copy_div function in the copy_and_paste.js file. This flaw allows attackers to inject malicious scripts into web pages, potentially compromising user data and session information. Users of Zulip 8.3 should be aware of this issue and take appropriate actions to mitigate risk.