XSS in Zulip

CVE-2023-33186

Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and late…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.008 (73.8th percentile).

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L.

Affected products

  • Zulip — versions >= 7.0-beta1, < 7.0-beta3

Frequently asked questions

What is CVE-2023-33186?
CVE-2023-33186 is a high-severity vulnerability in Zulip, classified under Cross-site Scripting. CVSS score: 8.2/10. Published 2023-05-30.

How severe is CVE-2023-33186?
High severity. CVSS v3 base score is 8.2 out of 10.