CVE-2020-10935

CVE-2020-10935

EPSS 0.7%

Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://blog.zulip.org/2020/04/01/zulip-server-2-1-3-security-release/https://www.coresecurity.com/advisories/zulip-account-takeover-stored-xss