HTML injection in Zoom Linux Clients

Bulletin: ZSB-23006
CVEID: CVE-2023-28598
CVSS Severity: High
CVSS Score: 7.5
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description:

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash.

Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.

Affected Products:

Zoom for Linux clients before version 5.13.10

Source:

Reported by Antoine Roly (aroly)

Revision	Date	Description
1.0	06/13/2023	Initial Publication

HTML injection in Zoom Linux Clients

Subscribe for updates