Description
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
Remediation
Upgrade Zulip Desktop to version 5.4.3 or later.
References
https://blog.zulip.com/2020/09/10/zulip-desktop-5-4-3-security-release/