2018-04-18 10:29:00 2018-05-17 15:08:01

In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.

Vector

NETWORK

Complexity

MEDIUM

Authentication

SINGLE_INSTANCE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE