CNNVD-202602-907 Information
CNNVD ID
CNNVD-202602-907
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
Zulip是美国Zulip公司的一款功能强大的开源群聊应用程序。用于将实时聊天的即时性与线程对话的生产力优势相结合。 Zulip 5.0至11.5之前版本存在跨站脚本漏洞,该漏洞源于用户配置文件上的某些管理操作对组名或频道名中的存储型跨站脚本攻击防护不足,可能导致存储型跨站脚本攻击。
Description (English)
Zulip is a powerful open-source chat application for Zulip in the United States. This is used to combine the productivity advantages of real-time chat and linear dialogue. Prior to Zulip 5.0 to 11.5, there was a cross-site script loophole, which stemmed from the fact that some of the management operations on the user profile did not provide adequate protection against stored cross-site script attacks in group or channel names, which could result in storage-type cross-site attacks.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Zulip
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/zulip/zulip/commit/e6093d9e4788f4d82236d856c5ed7b16767886a7 https://github.com/zulip/zulip/releases/tag/11.5 https://github.com/zulip/zulip/security/advisories/GHSA-56qv-8823-6fq9 https://zulip.readthedocs.io/en/latest/overview/changelog.html#zulip-server-11-5 https://access.redhat.com/security/cve/cve-2026-24050