
CVE-2024-44080
https://notcve.org/view.php?id=CVE-2024-44080
29 Oct 2024 — In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format. • https://github.com/jitsi/jitsi-meet/compare/jitsi-meet_9672...jitsi-meet_9673 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-44081
https://notcve.org/view.php?id=CVE-2024-44081
29 Oct 2024 — In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format. • https://github.com/jitsi/jitsi-meet/compare/jitsi-meet_9672...jitsi-meet_9673 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-33530
https://notcve.org/view.php?id=CVE-2024-33530
02 May 2024 — In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is invited to a call after waiting in the lobby. • https://insinuator.net/2024/05/vulnerability-in-jitsi-meet-meeting-password-disclosure-affecting-meetings-with-lobbies

CVE-2024-30437 – WordPress Webinar and Video Conference with Jitsi Meet plugin <= 2.6.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-30437
28 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Webinar and Video Conference with Jitsi Meet allows Stored XSS. This issue affects Webinar and Video Conference with Jitsi Meet: from n/a through 2.6.3. • https://patchstack.com/database/vulnerability/webinar-and-video-conference-with-jitsi-meet/wordpress-webinar-and-video-conference-with-jitsi-meet-plugin-2-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-43550
https://notcve.org/view.php?id=CVE-2022-43550
09 Feb 2023 — A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution. • https://github.com/jitsi/jitsi/commit/8aa7be58522f4264078d54752aae5483bfd854b2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2022-36736
https://notcve.org/view.php?id=CVE-2022-36736
08 Sep 2022 — Jitsi-2.10.5550 was discovered to contain a vulnerability in its web UI which allows attackers to perform a clickjacking attack via a crafted HTTP request. NOTE: this is disputed by the vendor. • https://github.com/UditChavda/Udit-Chavda-CVE/blob/main/CVE-2022-36736 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2021-26812
https://notcve.org/view.php?id=CVE-2021-26812
14 Apr 2021 — Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application. • https://github.com/udima-university/moodle-mod_jitsi/issues/67 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-25019
https://notcve.org/view.php?id=CVE-2020-25019
29 Aug 2020 — jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. • https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14 • CWE-345: Insufficient Verification of Data Authenticity

CVE-2020-11878
https://notcve.org/view.php?id=CVE-2020-11878
17 Apr 2020 — The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts. • https://github.com/jitsi/docker-jitsi-meet/blob/master/CHANGELOG.md#stable-4384-1 • CWE-798: Use of Hard-coded Credentials

CVE-2017-5603
https://notcve.org/view.php?id=CVE-2017-5603
09 Feb 2017 — An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Jitsi 2.5.5061 - 2.9.5544. • http://openwall.com/lists/oss-security/2017/02/09/29 • CWE-20: Improper Input Validation • CWE-346: Origin Validation Error