34 matches found
EUVD-2023-30843
Malicious code in bioql PyPI...
CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server...
CVE-2024-44730
Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...
CVE-2024-44729
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting...
CVE-2023-27054
A cross-site scripting XSS vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module...
CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server...
CVE-2024-44730
Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...
CVE-2024-44729
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting...
MiroTalk 安全漏洞
MiroTalk is a simple, secure, and fast real-time video conferencing software from the individual developer Miroslav Pejic. A security vulnerability exists in Mirotalk that stems from incorrect access control in the handleDataChannelChatdataMessage function...
CVE-2024-44731
CVE-2024-44731 concerns Mirotalk prior to commit 9de226, where a DOM-based XSS vulnerability exists. The issue allows an attacker to execute arbitrary code by sending crafted payloads in messages to other users over RTC connections. The documented root cause is a DOM-based XSS in the messaging pa...
PT-2024-31229 · Mirotalk · Mirotalk
Name of the Vulnerable Software and Affected Versions: Mirotalk versions before commit 9de226 Description: The issue is a DOM-based cross-site scripting XSS vulnerability. This allows attackers to execute arbitrary code by sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44730
Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...
CVE-2024-44731
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting XSS vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections...
CVE-2024-44734
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server...
MiroTalk 安全漏洞
MiroTalk is a simple, secure, and fast real-time video conferencing software by the individual developer Miroslav Pejic. A security vulnerability exists in MiroTalk that stems from incorrect access control in the app/src/server.js component...
CVE-2024-44729
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting...
CVE-2024-44730
Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...