CVE-2025-52559

Опубликовано: 02 июл. 2025

Источник: nvd

CVSS3: 6.8

CVSS3: 5.4

EPSS Низкий

Описание

Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topic names and channel names. This issue has been fixed in Zulip Server 10.4. A workaround for this issue involves denying access to /digest/.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zulip:zulip_server:*:*:*:*:*:*:*:*

Версия от 2.0.1 (включая) до 10.4 (исключая)

cpe:2.3:a:zulip:zulip_server:2.0.0:rc1:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00032

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-52559

CVSS3: 6.8

debian

7 месяцев назад

Zulip is an open-source team chat application. From versions 2.0.0-rc1 ...

EPSS

Процентиль: 9%

0.00032

Низкий

6.8 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79