Zulip 8.3 Vulnerable to Cross Site Scripting (XSS)
CVE-2024-36625

Currently unrated

Key Information:

Vendor: Zulip
Vendor: CVE Published:; 29 November 2024

🔔 Create Zulip Vulnerability Alert

What is CVE-2024-36625?

Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts.

References

https://github.com/zulip/zulip/commit/191345f9d61f5b15762...

https://github.com/zulip/zulip/blob/8.3/web/src/ui_util.t...

https://gist.github.com/1047524396/f7ada389ed2686481efef9...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 29, 2024
Vulnerability Reserved
May 30, 2024

.