TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to a cross-site scripting vulnerability that originates from unknown code in the file /admin/conferences/get-all-status/, with the parameter keys operation leads to basic cross-site scripting, which can be exploited by attackers to execute arbitrary HTML and script code in the userβs browser session in the context of the affected site.