CVE-2020-12759

CVE-2020-12759

Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.

Source: CVE-2020-12759