CVE-2024-36624 — MEDIUM (5.4)

Vulnerability Description

Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Zulip	Zulip	8.3

Related Weaknesses (CWE)

CWE-79

References

https://gist.github.com/1047524396/64720d2aa5afd943eb7e5a1ed4808ad6PatchThird Party Advisory
https://github.com/zulip/zulip/blob/8.3/web/src/copy_and_paste.js#L90Product
https://github.com/zulip/zulip/commit/e1029b59ede0c4f314c367ffa1ba2904ffaf6768Patch

FAQ

What is CVE-2024-36624?

CVE-2024-36624 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js.

How severe is CVE-2024-36624?

CVE-2024-36624 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-36624?

Check the references section above for vendor advisories and patch information. Affected products include: Zulip Zulip.