HTML Injection vulnerability in Zoom Clients

Bulletin: ZSB-23007
CVEID: CVE-2023-28599
CVSS Severity: Medium
CVSS Score: 4.2
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Description:

Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom for Android, iOS, Linux, macOS, and Windows clients before version 5.13.10

Source:

Reported by Mohit Rawat - ASPIA InfoTech

Revision	Date	Description
1.0	06/13/2023	Initial Publication

HTML Injection vulnerability in Zoom Clients

Subscribe for updates