Skip to content

Instantly share code, notes, and snippets.

@1047524396
Created November 29, 2024 04:40
Show Gist options
  • Save 1047524396/f7ada389ed2686481efef9e1f8307c51 to your computer and use it in GitHub Desktop.
Save 1047524396/f7ada389ed2686481efef9e1f8307c51 to your computer and use it in GitHub Desktop.
CVE-2024-36625
[CVE ID]
CVE-2024-36625
[PRODUCT]
zulip
[VERSION]
8.3
[PROBLEM TYPE]
Cross Site Scripting (XSS)
[DESCRIPTION]
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts.
[PATCH LINK]
https://github.com/zulip/zulip/commit/191345f9d61f5b15762fe3ce19bf635bf885176a
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment