CVE-2021-3866

MEDIUM

zulip/zulip <3eb2791c3e9695f7d37ffe84e0c2184fae665cb6 - XSS

Title source: llm

Description

Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_confirm

https://huntr.dev/bounties/5f48dac5-e112-4b23-bbbf-cc00ba83bcf2

Patch, Third Party Advisory x_refsource_misc

https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6

View Patch ZIP pw:eip

Vendor Advisory x_refsource_misc

https://blog.zulip.com/2022/01/19/cve-2021-3866/

Scores

CVSS v3 5.4

EPSS 0.0060

EPSS Percentile 69.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

zulip/zulip < 4.8

Published Jan 20, 2022

Tracked Since Feb 18, 2026