Description
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
Remediation
References
https://blog.zulip.com/2020/09/10/zulip-desktop-5-4-3-security-release/
Related Vulnerabilities
CVE-2022-41240 Vulnerability in maven package org.jenkins-ci.plugins:walti
CVE-2020-11990 Vulnerability in npm package cordova-plugin-camera
CVE-2023-40344 Vulnerability in maven package org.jenkins-ci.plugins:delphix
CVE-2023-43497 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-46279 Vulnerability in maven package org.apache.dubbo:dubbo