CVE ID:

CVE-2018-9999

Details:

In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.

References:

:https://blog.zulip.org/2018/04/12/zulip-1-7-2-released/

ZeroDayLab Assigned Tags:

CROSS SITE SCRIPTING - What is Cross Site Scripting?