34 matches found
EUVD-2023-30843
Malicious code in bioql PyPI...
CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server...
CVE-2024-44730
Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...
CVE-2024-44729
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting...
CVE-2023-27054
A cross-site scripting XSS vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module...
CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server...
CVE-2024-44730
Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...
CVE-2024-44729
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting...
PT-2024-31229 · Mirotalk · Mirotalk
Name of the Vulnerable Software and Affected Versions: Mirotalk versions before commit 9de226 Description: The issue is a DOM-based cross-site scripting XSS vulnerability. This allows attackers to execute arbitrary code by sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44734
The CVE-2024-44734 vulnerability affects Mirotalk/MiroTalk prior to commit 9de226. The root cause is improper access control in handling roomAction requests, enabling an attacker to arbitrarily change usernames on the server. This is described consistently across multiple sources (NVD, Red Hat se...
CVE-2024-44730
Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...
CVE-2024-44729
MiroTalk CVE-2024-44729 affects the component app/src/server.js and is caused by incorrect access control. This allows unauthenticated attackers (no presenter privileges) to arbitrarily eject participants from a meeting. Public sources (NVD/Red Hat/CNVD/CVE lists) confirm the vulnerability and re...
CVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server...
MiroTalk 安全漏洞
MiroTalk is a simple, secure and fast real-time video conferencing software from the individual developer Miroslav Pejic. A security vulnerability exists in MiroTalk versions prior to 9de226, which stems from vulnerability to cross-site scripting attacks that allow an attacker to execute arbitrar...
CVE-2024-44731
CVE-2024-44731 concerns Mirotalk prior to commit 9de226, where a DOM-based XSS vulnerability exists. The issue allows an attacker to execute arbitrary code by sending crafted payloads in messages to other users over RTC connections. The documented root cause is a DOM-based XSS in the messaging pa...
CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...
MiroTalk 安全漏洞
MiroTalk is a simple, secure, and fast real-time video conferencing software from the individual developer Miroslav Pejic. A security vulnerability exists in Mirotalk that stems from incorrect access control in the handleDataChannelChatdataMessage function...