CVE-2023-27054

Name of the Vulnerable Software and Affected Versions MiroTalk P2P versions before commit f535b35

Description A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module. This enables attackers to potentially manipulate the application's behavior or steal user data.

Recommendations For versions before commit f535b35, consider restricting access to the settings module until a patch is available. As a temporary workaround, avoid using the Name parameter in the settings module to minimize the risk of exploitation.