Description
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
Remediation
References
https://blog.zulip.com/2020/09/10/zulip-desktop-5-4-3-security-release/
Related Vulnerabilities
CVE-2018-8014 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2021-41183 Vulnerability in npm package jquery-ui
CVE-2023-25572 Vulnerability in npm package ra-ui-materialui
CVE-2023-33005 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth
CVE-2023-29215 Vulnerability in maven package org.apache.linkis:linkis-metadata-query-service-jdbc