|Number of vulnerabilities||1|
Web applications / Other software
This security bulletin contains one medium risk vulnerability.
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: NoDescription
The vulnerability allows a remote user to perform XSS attacks.
Install updates from vendor's website.
The vulnerability affects the main branch between 2023-01-09 and 2023-02-07.Vulnerable software versions
Zulip Server: 6.1 - 6.1CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?