CVE-2025-52559

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/zulip/zulip/commit/175ec1f365b0db982d6eac9019701cbf6e8bc2f2", "name": "https://github.com/zulip/zulip/commit/175ec1f365b0db982d6eac9019701cbf6e8bc2f2", "tags": [], "refsource": ""}, {"url": "https://github.com/zulip/zulip/commit/1a8429e338ff53bdcc4b42e7e71b6fffdd84fcd1", "name": "https://github.com/zulip/zulip/commit/1a8429e338ff53bdcc4b42e7e71b6fffdd84fcd1", "tags": [], "refsource": ""}, {"url": "https://github.com/zulip/zulip/commit/6608c8777254e73a4b540e5e1c4af92e680a55fc", "name": "https://github.com/zulip/zulip/commit/6608c8777254e73a4b540e5e1c4af92e680a55fc", "tags": [], "refsource": ""}, {"url": "https://github.com/zulip/zulip/security/advisories/GHSA-vgf2-vw4r-m663", "name": "https://github.com/zulip/zulip/security/advisories/GHSA-vgf2-vw4r-m663", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting (XSS) vulnerability in both topic names and channel names. This issue has been fixed in Zulip Server 10.4. A workaround for this issue involves denying access to /digest/."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-52559", "ASSIGNER": "security-advisories@github.com"}}, "impact": {}, "publishedDate": "2025-07-02T20:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-07-02T20:15Z"}