Vulnerabilities > Zoom > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-13 | CVE-2023-28599 | Injection vulnerability in Zoom Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. | 4.3 |
| 2022-10-14 | CVE-2022-28760 | Unspecified vulnerability in Zoom On-Premise Meeting Connector MMR 4.6.239.20200613/4.6.365.20210703 Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. | 6.5 |
| 2022-10-14 | CVE-2022-28761 | Unspecified vulnerability in Zoom On-Premise Meeting Connector MMR 4.6.239.20200613/4.6.365.20210703/4.8.20220815.130 Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. | 6.5 |
| 2022-08-11 | CVE-2022-28753 | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
| 2022-08-11 | CVE-2022-28754 | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
| 2022-06-15 | CVE-2022-22788 | Uncontrolled Search Path Element vulnerability in Zoom Meetings and Rooms The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. | 6.9 |
| 2022-06-15 | CVE-2022-28749 | Unspecified vulnerability in Zoom On-Premise Meeting Connector Multimedia Router 4.8.113.20220526 Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. | 4.3 |
| 2022-05-18 | CVE-2022-22787 | Improper Certificate Validation vulnerability in Zoom Meetings The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. | 6.0 |
| 2022-05-18 | CVE-2022-22784 | XML Injection (aka Blind XPath Injection) vulnerability in Zoom Meetings The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. | 5.5 |
| 2022-05-18 | CVE-2022-22785 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Zoom Meetings The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. | 6.4 |