Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zulip affected by Stored XSS in user profile modal
Vulnerability Description
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This vulnerability is fixed in 11.5.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Zulip 跨站脚本漏洞
Vulnerability Description
Zulip是美国Zulip公司的一款功能强大的开源群聊应用程序。用于将实时聊天的即时性与线程对话的生产力优势相结合。 Zulip 5.0至11.5之前版本存在跨站脚本漏洞,该漏洞源于用户配置文件上的某些管理操作对组名或频道名中的存储型跨站脚本攻击防护不足,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A