Description

Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts.

INFO

Published Date :

2024-11-29T00:00:00.000Z

Last Modified :

2024-11-29T17:09:49.937Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-36625 vulnerability.

Vendors Products
Zulip
  • Zulip
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-36625.

URL Resource
https://gist.github.com/1047524396/f7ada389ed2686481efef9e1f8307c51 cve-icon cve-icon
https://github.com/zulip/zulip/blob/8.3/web/src/ui_util.ts#L24 cve-icon cve-icon
https://github.com/zulip/zulip/commit/191345f9d61f5b15762fe3ce19bf635bf885176a cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact