34 matches found
EUVD-2023-30843
Malicious code in bioql PyPI...
CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server...
CVE-2024-44730
Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...
CVE-2024-44729
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting...
CVE-2023-27054
A cross-site scripting XSS vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module...
CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server...
CVE-2024-44730
Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...
CVE-2024-44729
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting...
CVE-2024-44730
Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...
CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server...
CVE-2024-44729
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting...
MiroTalk 安全漏洞
MiroTalk is a simple, secure and fast real-time video conferencing software from the individual developer Miroslav Pejic. A security vulnerability exists in MiroTalk versions prior to 9de226, which stems from vulnerability to cross-site scripting attacks that allow an attacker to execute arbitrar...
MiroTalk 安全漏洞
MiroTalk is a simple, secure, and fast real-time video conferencing software by the individual developer Miroslav Pejic. A security vulnerability exists in MiroTalk that stems from incorrect access control in the app/src/server.js component...
CVE-2024-44730
CVE-2024-44730 affects Mirotalk. The vulnerability is in handleDataChannelChat(dataMessage) before commit c21d58, where incorrect access control allows attackers to forge chat messages using an arbitrary sender name. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) yields a base score of...
CVE-2024-44734
The CVE-2024-44734 vulnerability affects Mirotalk/MiroTalk prior to commit 9de226. The root cause is improper access control in handling roomAction requests, enabling an attacker to arbitrarily change usernames on the server. This is described consistently across multiple sources (NVD, Red Hat se...
MiroTalk 安全漏洞
MiroTalk is a simple, secure, and fast real-time videoconferencing software from the individual developer Miroslav Pejic. A security vulnerability exists in MiroTalk versions prior to 9de226 that stems from improper access control and allows an attacker to arbitrarily change a username by sending...
CVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server...