Description
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
Remediation
References
https://blog.zulip.com/2020/09/10/zulip-desktop-5-4-3-security-release/
Related Vulnerabilities
CVE-2022-33140 Vulnerability in maven package org.apache.nifi.registry:nifi-registry-core
CVE-2023-41886 Vulnerability in maven package org.openrefine:database
CVE-2023-39956 Vulnerability in npm package electron
CVE-2022-40146 Vulnerability in maven package org.apache.xmlgraphics:batik-bridge
CVE-2022-34812 Vulnerability in maven package org.jenkins-ci.plugins:xpath-config-viewer