CVE-2024-44080
- EPSS 0.22%
- Published 29.10.2024 22:15:03
- Last modified 10.07.2025 19:33:11
In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected f...
CVE-2024-44081
- EPSS 0.61%
- Published 29.10.2024 22:15:03
- Last modified 10.07.2025 19:34:16
In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format.
CVE-2021-39205
- EPSS 0.29%
- Published 15.09.2021 18:15:09
- Last modified 21.11.2024 06:18:53
Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related...
- EPSS 0.28%
- Published 15.09.2021 18:15:09
- Last modified 21.11.2024 06:18:55
Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to ga...
CVE-2021-33506
- EPSS 0.24%
- Published 26.05.2021 15:15:08
- Last modified 21.11.2024 06:08:58
jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation.