CVE-2022-35962

MEDIUM Year: 2022
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-184
View all →

Vulnerability Description

Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190.

Related Vulnerabilities

CVE-2024-28246

MEDIUM
CVSS:5.5(Medium)

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs ...

CWE-1842024

CVE-2021-1255

MEDIUM
CVSS:5.4(Medium)

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorizatio...

CWE-1842021

CVE-2022-38179

MEDIUM
CVSS:6.1(Medium)

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack

CWE-1842022

CVE-2024-23336

MEDIUM
CVSS:5.0(Medium)

MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the `127.0.0.0/8` block, which may result in a Server-Side Request Forgery (SSRF) vulnerabil...

CWE-1842024

CVE-2021-31370

MEDIUM
CVSS:6.5(Medium)

An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker whi...

CWE-1842021

CVE-2023-40037

MEDIUM
CVSS:6.5(Medium)

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against craf...

CWE-1842023