CVE-2020-15070
- EPSS 0.66%
- Published 21.08.2020 05:15:11
- Last modified 21.11.2024 05:04:44
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
CVE-2020-14215
- EPSS 0.2%
- Published 21.08.2020 05:15:11
- Last modified 21.11.2024 05:02:53
Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.
CVE-2020-14194
- EPSS 0.2%
- Published 21.08.2020 05:15:11
- Last modified 21.11.2024 05:02:50
Zulip Server before 2.1.5 allows reverse tabnabbing via a topic header link.
CVE-2020-12759
- EPSS 0.36%
- Published 21.08.2020 05:15:11
- Last modified 21.11.2024 05:00:13
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.
CVE-2020-9445
- EPSS 0.36%
- Published 20.04.2020 20:15:11
- Last modified 21.11.2024 05:40:39
Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.
CVE-2020-9444
- EPSS 0.2%
- Published 20.04.2020 20:15:11
- Last modified 21.11.2024 05:40:39
Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown functionality.
CVE-2020-10935
- EPSS 0.3%
- Published 20.04.2020 20:15:11
- Last modified 21.11.2024 04:56:24
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.
CVE-2019-19775
- EPSS 0.27%
- Published 18.12.2019 04:15:15
- Last modified 21.11.2024 04:35:21
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users.
CVE-2019-18933
- EPSS 0.43%
- Published 21.11.2019 23:15:13
- Last modified 21.11.2024 04:33:51
In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new user signup process meant that users who registered their account using social authentication (e.g., GitHub or Google SSO) in an organization that also allows password authenticati...
CVE-2019-16216
- EPSS 0.3%
- Published 18.09.2019 12:15:10
- Last modified 21.11.2024 04:30:17
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server usin...