Filtered by vendor Mirotalk
Subscriptions
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-27054 | 1 Mirotalk | 1 Mirotalk P2p | 2024-11-21 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module. | ||||
CVE-2024-44734 | 1 Mirotalk | 1 Mirotalk P2p | 2024-10-16 | 7.5 High |
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. | ||||
CVE-2024-44730 | 1 Mirotalk | 1 Mirotalk P2p | 2024-10-16 | 9.1 Critical |
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name. | ||||
CVE-2024-44729 | 1 Mirotalk | 1 Mirotalk P2p | 2024-10-16 | 7.5 High |
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting. |
Page 1 of 1.