Description
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
Remediation
References
https://blog.zulip.com/2020/09/10/zulip-desktop-5-4-3-security-release/
Related Vulnerabilities
CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-keycloak-authorization
CVE-2022-29251 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-theme-ui
CVE-2023-37478 Vulnerability in npm package @pnpm/linux-x64
CVE-2020-13937 Vulnerability in maven package org.apache.kylin:kylin
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-record-serialization-services