Primary

Context

Zulip Stored Cross-Site Scripting Vulnerability in User Profile Management

Vulnerability

A stored cross-site scripting vulnerability has been identified in Zulip, an open-source team collaboration tool, affecting versions 5.0 prior to 11.5. The issue arises in the user profile management, where certain administrative actions related to group names or channel names could be exploited. This vulnerability required explicit user interaction with the affected object to be triggered.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Remediation

Users can upgrade to Zulip Server version 11.5 or later to address this vulnerability.

Added: Feb 6, 2026, 7:20 PM

Updated: Feb 6, 2026, 10:41 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.4

exploitability

5.5

remediation

0.0

relevance

2.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.4

exploitability

5.5

remediation

0.0

relevance

2.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zulip Stored Cross-Site Scripting Vulnerability in User Profile Management

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating