2018-04-18 08:00:00
mitre
PUBLISHED
In Zulip Server versions before 1.7.2, there was an XSS issue with user uploads and the (default) LOCAL_UPLOADS_DIR storage backend.