{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T02:00:41.736","vulnerabilities":[{"cve":{"id":"CVE-2020-9443","sourceIdentifier":"cve@mitre.org","published":"2020-03-18T13:15:12.573","lastModified":"2024-11-21T05:40:39.197","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82."},{"lang":"es","value":"Zulip Desktop versiones anteriores a 4.0.3, cargó contenido no confiable en una vista web de Electron con la seguridad web deshabilitada, lo cual puede ser explotado para un ataque de tipo  XSS en una variedad de maneras. Esto afecta especialmente a Zulip Desktop versión 2.3.82."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zulipchat:zulip_desktop:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.3","matchCriteriaId":"EA06A801-F7A1-4489-81AE-59D515A564C5"}]}]}],"references":[{"url":"https://blog.zulip.org/2020/02/29/zulip-desktop-4-0-3-security-release/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://blog.zulip.org/2020/02/29/zulip-desktop-4-0-3-security-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}