CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

CVE-2025-66823

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page conference url/info...

PT-2025-54221

Name of the Vulnerable Software and Affected Versions TrueConf versions 5.5.2.10813 Description A flaw exists in TrueConf server version 5.5.2.10813 that allows for the injection of arbitrary HTML code through the conference description field. This issue is present in the Create/Edit conference...

PT-2025-54215

Name of the Vulnerable Software and Affected Versions TrueConf Server version 5.5.2.10813 Description A Stored Cross-Site Scripting XSS issue exists in the Meeting location field within the Create/Edit Conference functionality. The issue is due to improper sanitization of user-supplied input in t...

CVE-2025-66824

TrueConf Server v5.5.2.10813 is affected by a Stored XSS in the Meeting location field (Create/Edit Conference) where input in the meeting_room parameter is stored and executed on the Conference Info page, enabling full Account Takeover (ATO). Root cause: improper sanitization of user-supplied in...

CVE-2025-66823

CVE-2025-66823 describes an HTML injection vulnerability in TrueConf Server 5.5.2.10813 in the conference description field. The issue allows an attacker to inject arbitrary HTML in Create/Edit conference functionality, with execution when the victim views the Conference Info page. Affected compo...