CVE - CVE-2021-39205

CVE-ID
CVE-2021-39205	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-6582-8v9q-v3fg URL:https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-6582-8v9q-v3fg MISC:https://github.com/jitsi/jitsi-meet/pull/9320 URL:https://github.com/jitsi/jitsi-meet/pull/9320 MISC:https://github.com/jitsi/jitsi-meet/pull/9404 URL:https://github.com/jitsi/jitsi-meet/pull/9404 MISC:https://hackerone.com/reports/1214493 URL:https://hackerone.com/reports/1214493
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20210816	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20210816)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)