Description
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
Remediation
References
https://blog.zulip.com/2020/09/10/zulip-desktop-5-4-3-security-release/
Related Vulnerabilities
CVE-2022-28355 Vulnerability in maven package org.scala-js:scalajs-library_2.11
CVE-2020-6532 Vulnerability in maven package org.webjars.npm:electron
CVE-2018-25031 Vulnerability in maven package org.webjars.bower:swagger-ui
CVE-2021-46440 Vulnerability in npm package strapi
CVE-2020-2242 Vulnerability in maven package org.jenkins-ci.plugins:database