CNNVD-202507-177 Information

Jul 02, 2025 cve

CNNVD ID

CNNVD-202507-177

CVE-2025-52559

  • CNNVD Published: 2025-07-02

Description (Chinese)

Zulip server是美国Zulip公司的一款开源的团队聊天应用程序。 Zulip server 2.0.0-rc1至10.4之前版本存在跨站脚本漏洞,该漏洞源于/digest/ URL存在跨站脚本漏洞。

Description (English)

Zulipserver is an open-source team chat application for Zulip, USA. Zulip server 2.0-rc1 to 10.4 had a cross-site script loophole, which stemmed from the existence of a cross-site script loophole in /bigest/URL.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Zulip

Published

2025-07-02

Last Modified

2026-02-24

References

https://github.com/zulip/zulip/commit/6608c8777254e73a4b540e5e1c4af92e680a55fc https://github.com/zulip/zulip/commit/1a8429e338ff53bdcc4b42e7e71b6fffdd84fcd1 https://github.com/zulip/zulip/commit/175ec1f365b0db982d6eac9019701cbf6e8bc2f2 https://github.com/zulip/zulip/security/advisories/GHSA-vgf2-vw4r-m663 https://nvd.nist.gov/vuln/detail/CVE-2025-52559

Patch

https://github.com/zulip/zulip/releases

Share on: