CVE-2020-9445

Zulip Server before 2.1.3 allows XSS via the modal_link feature in the Markdown functionality.