{"uuid": "073a8405-42f7-4c38-ade0-20c6d98cdb07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-23656", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13119", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23656\n\ud83d\udd25 CVSS Score: 4.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix.\n\ud83d\udccf Published: 2022-03-02T20:25:10.000Z\n\ud83d\udccf Modified: 2025-04-23T18:59:20.616Z\n\ud83d\udd17 References:\n1. https://github.com/zulip/zulip/security/advisories/GHSA-fc77-h3jc-6mfv\n2. https://github.com/zulip/zulip/commit/e090027adcbf62737d5b1f83a9618a9500a49321", "creation_timestamp": "2025-04-23T19:05:14.000000Z"}