CVE-2020-10935 Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover. Source: NIST CVE-2020-10935 April 20, 2020 by admin Uncategorized