Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1
CVE-2020-24582
- EPSS 0.36%
- Published 10.09.2020 17:15:32
- Last modified 21.11.2024 05:15:02
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
9.8
CVE-2020-12637
- EPSS 0.22%
- Published 09.05.2020 17:15:11
- Last modified 21.11.2024 04:59:57
Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option.
6.1
CVE-2020-9443
- EPSS 0.36%
- Published 18.03.2020 13:15:12
- Last modified 21.11.2024 05:40:39
Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.
1