ID CVE-2018-9990
Description In Zulip Server versions before 1.7.2, there was an XSS issue with stream names in topic typeahead.
CVSS
  • Score: 4.3
  • Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Availability: not affected
  • Confidentiality: not affected
  • Integrity: PARTIAL
CWE-ID CWE-79
Last Modified May 21, 2018
Available Solutions Upgrade Zulip Server to version 1.7.2 or later.

CPE-ID

Application Name/CPE-ID | Vendor | Product | Version | List of Vulnerabilities
Zulip Zulip_server 1.3.0 | zulip | zulip server | 1.3.0 | 5 Vulnerabilities for Zulip Zulip_server 1.3.0
Zulip Zulip_server 1.3.1 | zulip | zulip server | 1.3.1 | 5 Vulnerabilities for Zulip Zulip_server 1.3.1
Zulip Zulip_server 1.3.10 | zulip | zulip server | 1.3.10 | 5 Vulnerabilities for Zulip Zulip_server 1.3.10
Zulip Zulip_server 1.3.11 | zulip | zulip server | 1.3.11 | 5 Vulnerabilities for Zulip Zulip_server 1.3.11
Zulip Zulip_server 1.3.12 | zulip | zulip server | 1.3.12 | 5 Vulnerabilities for Zulip Zulip_server 1.3.12
Zulip Zulip_server 1.3.13 | zulip | zulip server | 1.3.13 | 5 Vulnerabilities for Zulip Zulip_server 1.3.13
Zulip Zulip_server 1.3.2 | zulip | zulip server | 1.3.2 | 5 Vulnerabilities for Zulip Zulip_server 1.3.2
Zulip Zulip_server 1.3.3 | zulip | zulip server | 1.3.3 | 5 Vulnerabilities for Zulip Zulip_server 1.3.3
Zulip Zulip_server 1.3.4 | zulip | zulip server | 1.3.4 | 5 Vulnerabilities for Zulip Zulip_server 1.3.4
Zulip Zulip_server 1.3.6 | zulip | zulip server | 1.3.6 | 5 Vulnerabilities for Zulip Zulip_server 1.3.6
Zulip Zulip_server 1.3.7 | zulip | zulip server | 1.3.7 | 5 Vulnerabilities for Zulip Zulip_server 1.3.7
Zulip Zulip_server 1.3.8 | zulip | zulip server | 1.3.8 | 5 Vulnerabilities for Zulip Zulip_server 1.3.8
Zulip Zulip_server 1.3.9 | zulip | zulip server | 1.3.9 | 5 Vulnerabilities for Zulip Zulip_server 1.3.9
Zulip Zulip_server 1.4.0 | zulip | zulip server | 1.4.0 | 5 Vulnerabilities for Zulip Zulip_server 1.4.0
Zulip Zulip_server 1.4.1 | zulip | zulip server | 1.4.1 | 5 Vulnerabilities for Zulip Zulip_server 1.4.1
Zulip Zulip_server 1.4.2 | zulip | zulip server | 1.4.2 | 5 Vulnerabilities for Zulip Zulip_server 1.4.2
Zulip Zulip_server 1.4.3 | zulip | zulip server | 1.4.3 | 5 Vulnerabilities for Zulip Zulip_server 1.4.3
Zulip Zulip_server 1.5.0 | zulip | zulip server | 1.5.0 | 6 Vulnerabilities for Zulip Zulip_server 1.5.0
Zulip Zulip_server 1.5.1 | zulip | zulip server | 1.5.1 | 6 Vulnerabilities for Zulip Zulip_server 1.5.1
Similar vulnerabilities

Pre-Condition

<!-- Pre-condition for CVE-2018-9990: the outer set uses operator="and", so
     presumably every direct child (the CPE group, program_influence and
     range) must hold before the entry applies. -->
<set operator="and">
  <!-- Affected application: operator="or", so any one of these Zulip Server
       CPE identifiers is enough to match. -->
  <!-- NOTE(review): this enumeration runs from 1.3.0 to 1.5.1 and has no
       entry for 1.3.5, while the advisory text states that all versions
       before 1.7.2 are affected. Inventory matching that relies only on
       this list may report an affected install as clean; compare the
       installed version against the fixed release 1.7.2 as well. -->
  <set operator="or">
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.0"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.1"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.2"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.3"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.4"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.6"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.7"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.8"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.9"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.10"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.11"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.12"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.3.13"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.4.0"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.4.1"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.4.2"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.4.3"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.5.0"/>
      <prop key="application" value="cpe:/a:zulip:zulip_server:1.5.1"/>
  </set>
    <!-- The attacker needs to influence program input; this fits the
         advisory, where the stream name is the value shown in topic
         typeahead. -->
    <prop key="program_influence" value="input"/>
    <!-- Remote range, consistent with AV:N in the CVSS vector. -->
    <prop key="range" value="remote"/>
</set>

								

Post-Condition

<!-- Post-condition for CVE-2018-9990: what is modelled as gained once the
     pre-condition is met. The outer set uses operator="and", so presumably
     all direct children apply together. -->
<set operator="and">
    <!-- NOTE(review): the target is given as "host". For a CWE-79 issue the
         effect normally lands in the browser session of the user viewing
         the typeahead rather than on the server itself; confirm how the
         consuming tool interprets this value before using it for impact
         scoring. -->
    <prop key="target" value="host"/>
  <!-- Any one of input, output or existence influence over the program. -->
  <set operator="or">
      <prop key="program_influence" value="input"/>
      <prop key="program_influence" value="output"/>
      <prop key="program_influence" value="existence"/>
  </set>
    <prop key="data" value="any"/>
  <!-- Only write and delete are listed and there is no read influence,
       which matches the CVSS vector on this entry (C:N, I:P). -->
  <set operator="or">
      <prop key="data_influence" value="write"/>
      <prop key="data_influence" value="delete"/>
  </set>
  <!-- NOTE(review): both remote and local range are listed, while the
       pre-condition and the CVSS vector (AV:N) describe a remote issue;
       presumably this is a generic template for integrity-impact entries.
       Verify before treating "local" as a confirmed capability. -->
  <set operator="or">
      <prop key="range" value="remote"/>
      <prop key="range" value="local"/>
  </set>
</set>