TrueconfServer

13 matches found

CVE
added 2022/12/27 12:00 a.m., 88 views

CVE-2022-46764

CVE-2022-46764 affects TrueConf Server 5.2.0.10225. The web API is vulnerable to SQL injection that allows remote unauthenticated execution of arbitrary SQL commands, leading to remote code execution. The issue is fixed in version 5.2.6. Connected sources confirm the affected product/version and ...

CVSS 9.8 | AI score 7.7 | EPSS 0.02067

CVE
added 2022/12/27 12:00 a.m., 84 views

CVE-2022-46763

The CVE-2022-46763 issue affects TrueConf Server 5.2.0.10225, where a SQL injection in a database stored function allows a low-privileged database user to execute arbitrary SQL as the database administrator, potentially enabling arbitrary code execution. The root cause is a vulnerability in the d...

CVSS 8.8 | AI score 8.7 | EPSS 0.01056

CVE
added 2022/06/29 4:15 p.m., 67 views

CVE-2017-20113

TrueConf Server 4.3.7 is affected by a stored cross-site scripting vulnerability due to inadequate sanitization in multiple inputs (e.g., redirect_url and other parameters) in the web interface. The issue potentially allows remote attackers to execute arbitrary HTML/JS in a user’s browser session...

CVSS 5.4 | AI score 4.5 | EPSS 0.00577

CVE
added 2022/06/29 4:15 p.m., 56 views

CVE-2017-20115

CVE-2017-20115 affects TrueConf Server 4.3.7. The issue is a reflected cross-site scripting vulnerability in the handling of the sort parameter for the /admin/conferences/list/ endpoint. This can be triggered remotely and has been publicly disclosed. Public references indicate multiple corroborat...

CVSS 5.4 | AI score 4.6 | EPSS 0.00577
Web

CVE
added 2022/06/29 4:15 p.m., 56 views

CVE-2017-20120

TrueConf Server 4.3.7 is affected by a Cross‑Site Request Forgery in the /admin/service/stop/ endpoint. The vulnerability stems from insufficient validation of HTTP requests to perform administrative actions, potentially enabling remote attackers to forge authenticated requests. Multiple sources ...

CVSS 8.8 | AI score 6.6 | EPSS 0.00483

CVE
added 2022/06/29 4:15 p.m., 55 views

CVE-2017-20119

TrueConf Server 4.3.7 is affected by an open-redirect vulnerability in the /admin/general/change-lang endpoint. The issue arises from improper handling of the redirect_url parameter, allowing remote attackers to redirect users to an arbitrary URL. Exploitation has been publicly disclosed (e.g., e...

CVSS 6.1 | AI score 5.1 | EPSS 0.00674
Web

CVE
added 2022/06/29 4:15 p.m., 54 views

CVE-2017-20116

CVE-2017-20116 affects TrueConf Server 4.3.7. Vulnerability in the /admin/group/list/ endpoint (parameter checked_group_id) allows remote, reflected XSS due to insufficient input sanitization. Exploitation publicly disclosed. In practice, upgrading to TrueConf Server 5.0.2+ (or applying vendor-pr...

CVSS 5.4 | AI score 4.6 | EPSS 0.00577
Web

CVE
added 2022/06/29 4:15 p.m., 53 views

CVE-2017-20117

CVE-2017-20117 affects TrueConf Server 4.3.7. The vulnerability exists in the /admin/group functionality and is a cross-site scripting (DOM XSS) flaw caused by improper handling of inputs, exploitable remotely. Several sources confirm that the vulnerability can be triggered by an attacker to exec...

CVSS 5.4 | AI score 4.6 | EPSS 0.00577

CVE
added 2022/06/29 4:15 p.m., 50 views

CVE-2017-20118

CVE-2017-20118 affects TrueConf Server 4.3.7. The vulnerability is a DOM-based cross-site scripting issue in the /admin/conferences/list/ endpoint caused by manipulation of the domxss argument. It can be exploited remotely and has been publicly disclosed (exploits exist). Affected versions are 4....

CVSS 5.4 | AI score 4.5 | EPSS 0.00577
Web

CVE
added 2022/06/29 4:15 p.m., 49 views

CVE-2017-20114

TrueConf Server 4.3.7 contains a reflected cross-site scripting vulnerability in /admin/conferences/get-all-status/ caused by unsanitized keys[] input. The issue can be exploited remotely and an exploit has been disclosed publicly (referenced in multiple sources). Public-enabling details include ...

CVSS 5.4 | AI score 4.7 | EPSS 0.00577
Web

CVE
added 2025/12/30 12:00 a.m., 16 views

CVE-2025-66824

TrueConf Server v5.5.2.10813 is affected by a Stored XSS in the Meeting location field (Create/Edit Conference) where input in the meeting_room parameter is stored and executed on the Conference Info page, enabling full Account Takeover (ATO). Root cause: improper sanitization of user-supplied in...

CVSS 8.7 | AI score 4.9 | EPSS 0.00261

CVE
added 2025/12/30 12:00 a.m., 15 views

CVE-2025-66834

TrueConf Server is affected by a CSV Formula Injection in version 5.5.2.10813. A normal user can inject malicious spreadsheet formulas into exported chat logs by crafting the Display Name, indicating a CSV macro/formula injection vulnerability. Impact per sources is high confidentiality and integ...

CVSS 7.3 | AI score 6.6 | EPSS 0.00261

CVE
added 2025/12/30 12:00 a.m., 11 views

CVE-2025-66823

CVE-2025-66823 describes an HTML injection vulnerability in TrueConf Server 5.5.2.10813 in the conference description field. The issue allows an attacker to inject arbitrary HTML in Create/Edit conference functionality, with execution when the victim views the Conference Info page. Affected compo...

CVSS 5.4 | AI score 6.7 | EPSS 0.00159
Web