Description
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
Remediation
References
https://blog.zulip.com/2020/09/10/zulip-desktop-5-4-3-security-release/
Related Vulnerabilities
CVE-2023-37478 Vulnerability in npm package @pnpm/linuxstatic-arm64
CVE-2022-43424 Vulnerability in maven package com.compuware.jenkins:compuware-xpediter-code-coverage
CVE-2020-7654 Vulnerability in npm package snyk-broker
CVE-2023-0105 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2019-1003054 Vulnerability in maven package info.bluefloyd.jenkins:jenkins-jira-issue-updater