mirror of
https://github.com/zulip/zulip.git
synced 2025-11-05 14:35:27 +00:00
An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
25 KiB