CVE-2025-52559 – Zulip Server Cross-Site Scripting (XSS) Vulnerability

July 2, 2025

CVE ID : CVE-2025-52559

Published : July 2, 2025, 8:15 p.m. | 1 hour, 45 minutes ago

Description : Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topic names and channel names. This issue has been fixed in Zulip Server 10.4. A workaround for this issue involves denying access to /digest/.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52842 – Laundry Cross-site Scripting (XSS)

Next Article CVE-2025-43025 – HP Universal Print Driver Buffer Overflow Denial of Service

Highlights

CVE-2025-21120 – Dell Avamar HTTP Permission Methods Vulnerability

August 4, 2025

CVE ID : CVE-2025-21120

Published : Aug. 4, 2025, 7:15 p.m. | 6 hours, 5 minutes ago

Description : Dell Avamar, versions prior to 19.12 with patch 338905, excluding version 19.10SP1 with patch 338904, contains a Trusting HTTP Permission Methods on the Server-Side vulnerability in Security. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Your smart home device just got a performance and security boost for free

Ultrahuman brings advanced cycle and ovulation tracking to its smart ring

DistroWatch Weekly, Issue 1135

14 secret phone codes that unlock hidden features on your Android and iPhone

Air Quality Prediction System using Python ML

Air Quality Prediction System using Python ML

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

DistroWatch Weekly, Issue 1135

DistroWatch Weekly, Issue 1135

Ubuntu’s New “Dangerous” Daily Builds – What Are They?

gofmt – formats Go programs

CVE-2025-52559 – Zulip Server Cross-Site Scripting (XSS) Vulnerability

CVE-2025-9090 – Tenda Telnet Service Command Injection

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

Fortinet FortiWeb Instances Hacked With Webshells Following Public PoC Exploits

Sam Altman says AI will make coders 10x more productive, not replace them — Even Bill Gates claims the field is too complex

Best Hotels in Ranthambore: Luxury Stays Near the Tiger Reserve

How to check apps draining the most battery on Windows 11

CVE-2025-21120 – Dell Avamar HTTP Permission Methods Vulnerability

CVE-2025-3107 – “WordPress Newsletters SQL Injection Vulnerability”

CVE-2025-43971 – GoBGP Zero-Value Software Version Len Panic

Measuring perception in AI models

CVE-2025-52559 – Zulip Server Cross-Site Scripting (XSS) Vulnerability

Related Posts