CVE-2021-3866 MEDIUM

CVE-2021-3866: Cross-site Scripting (XSS) - Stored in zulip/zulip

Vendor Zulip
Product zulip/zulip
Weakness CWE-79 · XSS
Published January 20, 2022
Last update August 3, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:L

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.

Key dates

02Disclosure timeline

January 20, 2022 CVE published
August 3, 2024 Record updated