CVE-2021-39205 Vulnerability Details

  /     /     /  

CVE-2021-39205 Metadata Quick Info

CVE Published: 15/09/2021 | CVE Updated: 04/08/2024 | CVE Year: 2021
Source: GitHub_M | Vendor: jitsi | Product: jitsi-meet
Status : PUBLISHED

---

CVE-2021-39205 Description

Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.

Metrics

CVSS Version: 3.1 | Base Score: 6.8 MEDIUM
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79: Improper Neutralization of Input During Web Page Generation ( Cross-site Scripting )
Source: jitsi

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).