Anders Kaseorg

12 exploits. Active since Sep 2019.
CVE-2019-16215 (MEDIUM)
Zulip Server <2.0.5 - DoS
The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages.
CVSS 6.5
CVE-2019-16216 (MEDIUM)
Zulip <2.0.5 - XSS
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself.
CVSS 5.4
CVE-2019-19775 (MEDIUM)
Zulip Server < 2.0.8 - Open Redirect
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users.
CVSS 6.1
CVE-2021-3866 (MEDIUM)
zulip/zulip <3eb2791c3e9695f7d37ffe84e0c2184fae665cb6 - XSS
Stored cross-site scripting (XSS) in the GitHub repository zulip/zulip, affecting commits from and including 44f935695d452cc3fb16845a0c6af710438b153d up to but not including 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.
CVSS 5.4
CVE-2022-23656 (MEDIUM)
Zulip Server < 2022-03-01 - XSS
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix.
CVSS 4.6
CVE-2022-31168 (MEDIUM)
Zulip Server <5.5 - Privilege Escalation
Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don’t own any bots, and lack permission to create them, can’t exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots.
CVSS 5.4
CVE-2022-41914 (LOW)
Zulip Server < 5.7 - Information Disclosure
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management (SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be possible for an attacker to infer the value of the token by performing a sophisticated timing analysis on a large number of failing requests. If successful, this would allow the attacker to impersonate the SCIM client, with its ability to read and update user accounts in the Zulip organization. Organizations where SCIM account management has not been enabled are not affected.
CVSS 3.7
CVE-2023-33186 (HIGH)
Zulip Server <May 2, 2023 - XSS
Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.
CVSS 8.2
CVE-2024-36624 (MEDIUM)
Zulip 8.3 - XSS
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js.
CVSS 5.4
CVE-2024-36625 (MEDIUM)
Zulip 8.3 - XSS
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts.
CVSS 5.4
CVE-2025-52559 (MEDIUM)
Zulip Server < 10.4 - XSS
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topic names and channel names. This issue has been fixed in Zulip Server 10.4. A workaround for this issue involves denying access to /digest/.
CVSS 6.8
CVE-2026-24050 (MEDIUM)
Zulip <11.5 - Stored XSS
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user to explicitly interact with the problematic object. This vulnerability is fixed in 11.5.
CVSS 5.4