History: Dec 09, 2021 - 11:14 a.m.

Cross-site Scripting (XSS) - Generic in bigbluebutton/bigbluebutton

2021-12-09 11:14:40
lfama
www.huntr.dev
cross-site scripting
bigbluebutton
shared notes
arbitrary javascript code injection
user session cookie theft
mitigation
bugbounty

EPSS

0.001

Percentile

31.7%

Description

Shared notes panel is vulnerable to XSS when rendering a new note, due to missing username sanitization.

Proof of Concept

  1. Start a new web conference and share the link with other people.
  2. A malicious user joins the conference with the following username: <img%20src=#%20onerror=alert(document.cookie)>
  3. As soon as the malicious user types in the “Shared notes” section (and the victim has the “Shared notes” section open), an alert popup is shown to the target user (in this case displaying the document.cookie value).

Impact

XSS vulnerabilities allow attackers to inject arbitrary JavaScript code into other users' browsers, leading to theft of user session cookies, website defacement, phishing, and many other attacks.

Mitigation

User input should always be sanitized to prevent attackers from injecting malicious code.
It is also important to perform output encoding in order to prevent unwanted code execution.
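As an added illustration of the mitigation above (example code, not BigBlueButton's own), the following JavaScript shows the unsafe rendering pattern the report describes next to an output-encoded version; the `renderNoteAuthor*` helpers and the note markup are assumptions, not the project's code.

```javascript
// Added example (not BigBlueButton code): output encoding for a user-supplied
// display name before it is placed into shared-notes HTML.

// Constructed input shaped like the report's PoC username.
const UNTRUSTED_USERNAME = '<img src=# onerror=alert(document.cookie)>';

// Encode the five characters that are significant in HTML text and
// attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the username is concatenated straight into markup, so a
// username containing tags becomes live HTML once assigned via innerHTML.
function renderNoteAuthorUnsafe(username) {
  return `<span class="note-author">${username}</span>`;
}

// Hardened pattern: same template, but the username is encoded first, so the
// browser displays the literal text "<img ...>" instead of creating an element.
// (In real DOM code, prefer setting textContent over building HTML strings.)
function renderNoteAuthorSafe(username) {
  return `<span class="note-author">${escapeHtml(username)}</span>`;
}

// Check used below: does any raw tag from the input survive inside the span
// we added ourselves?
function containsRawTag(html) {
  const inner = html.replace(/^<span class="note-author">|<\/span>$/g, '');
  return /<[a-zA-Z]/.test(inner);
}

console.log('unsafe:', renderNoteAuthorUnsafe(UNTRUSTED_USERNAME));
console.log('safe:  ', renderNoteAuthorSafe(UNTRUSTED_USERNAME));
```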
