CVE-2020-10935

CVE-2020-10935

EPSS 0.7%

Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/https://www.coresecurity.com/advisories/zulip-account-takeover-stored-xss