Filtered by vendor Jitsi
Subscribe
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36736 | 1 Jitsi | 1 Jitsi | 2024-08-03 | N/A | 6.1 MEDIUM |
| ** DISPUTED ** Jitsi-2.10.5550 was discovered to contain a vulnerability in its web UI which allows attackers to perform a clickjacking attack via a crafted HTTP request. NOTE: this is disputed by the vendor. | |||||
| CVE-2021-26812 | 1 Jitsi | 1 Meet | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application. | |||||
| CVE-2020-11878 | 1 Jitsi | 1 Meet | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. | |||||
| CVE-2020-25019 | 1 Jitsi | 1 Meet Electron | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
| jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | |||||
| CVE-2017-5603 | 1 Jitsi | 1 Jitsi | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544. | |||||