HTML injection in Zoom Linux client
- ZSB-21015
- CVE-2021-34419
- Low
- 3.7
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks.
Zoom addressed this issue in the 5.1.0 Zoom Client for Meetings for Ubuntu Linux release. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
- Zoom Client for Meetings for Ubuntu Linux before version 5.1.0
Reported by Danny de Weille and Rick Verdoes of hackdefense
| Revision | Date | Description |
|---|---|---|
| 1.0 | 11/09/2021 | Initial Publication |