Filtered by vendor Mirotalk Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-27054 1 Mirotalk 1 Mirotalk P2p 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.
CVE-2024-44734 1 Mirotalk 1 Mirotalk P2p 2024-10-16 7.5 High
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.
CVE-2024-44730 1 Mirotalk 1 Mirotalk P2p 2024-10-16 9.1 Critical
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.
CVE-2024-44729 1 Mirotalk 1 Mirotalk P2p 2024-10-16 7.5 High
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting.