Vulnerabilities > CVE-2021-39205 - Unspecified vulnerability in 8X8 Jitsi Meet 2.0.5963

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

8x8

NVD

Published: 2021-09-15

Updated: 2022-09-10

Summary

Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.

Vulnerable Configurations

Part	Description	Count
Application	8X8 8X8 Jitsi Meet - 8X8 Jitsi Meet 2.0.5963	2

References

https://github.com/jitsi/jitsi-meet/pull/9320
https://hackerone.com/reports/1214493
https://github.com/jitsi/jitsi-meet/pull/9404
https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-6582-8v9q-v3fg