Damencho

**Name of the Vulnerable Software and Affected Versions** Jitsi versions prior to commit 8aa7be58522f4264078d54752aae5483bfd854b2 **Description** A command injection issue exists when launching browsers on Windows, allowing an attacker to insert an arbitrary URL, which could lead to remote execution. **Recommendations** For versions prior to commit 8aa7be58522f4264078d54752aae5483bfd854b2, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Jitsi Meet versions prior to 2.0.6173 **Description** Jitsi Meet is an open source video conferencing application. The issue arises from client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. **Recommendations** For versions prior to 2.0.6173, upgrade to version 2.0.6173 to resolve the issue. At the moment, there is no information about other workarounds aside from upgrading.