Zoom clients prior to 5.13.10 contain an HTML injection... · CVE-2023-28599 · GitHub Advisory Database · GitHub

Zoom clients prior to 5.13.10 contain an HTML injection...

Moderate severity Unreviewed Published Jun 13, 2023 to the GitHub Advisory Database • Updated Sep 19, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.

References

Published by the National Vulnerability Database

Jun 13, 2023

Published to the GitHub Advisory Database Jun 13, 2023

Last updated Sep 19, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N