CVE Published: 13/06/2023 |
CVE Updated: 19/09/2024 |
CVE Year: 2023 Source: Zoom |
Vendor: Zoom Video Communications, Inc. |
Product: Zoom for Linux clients Status : PUBLISHED
CVE-2023-28598 Description
Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash.
Metrics
CVSS Version: 3.1 |
Base Score: 7.5 HIGH Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-ID: CWE-79 CWE Name: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or
Cross-site Scripting
) Source: Zoom Video Communications, Inc.
Common Attack Pattern Enumeration and Classification (CAPEC)