China National Vulnerability Database (CNVD): CNVD-2022-53542
Jul 01, 2022 - 12:00 a.m.

TrueConf Server Cross-Site Scripting Vulnerability (CNVD-2022-53542)

www.cnvd.org.cn

EPSS: 0.001 (percentile: 40.4%)

TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. Version 4.3.7 of TrueConf Server is vulnerable to cross-site scripting. The vulnerability originates from unknown code in the file /admin/conferences/get-all-status/, where manipulating the parameter keys leads to basic cross-site scripting. Attackers can exploit it to execute arbitrary HTML and script code in the user's browser session in the context of the affected site.
