HTML Injection vulnerability in Zoom Clients
- ZSB-23007
- CVE-2023-28599
- Medium
- 4.2
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.
Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.
- Zoom for Android, iOS, Linux, macOS, and Windows clients before version 5.13.10
Reported by Mohit Rawat - ASPIA InfoTech
| Revision | Date | Description |
|---|---|---|
| 1.0 | 06/13/2023 | Initial Publication |