PT-2022-6243 · Vinteo · Vinteo Vcc

D. Kiryukhin · Published 2022-11-01 · Updated 2025-02-05 · CVE-2022-48020

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Vinteo VCC version 2.36.4

Description: The issue is related to the lack of protection for the web page structure, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. This vulnerability enables attackers to inject arbitrary code, which will be executed by the victim user's browser. The attack is conducted via the conference parameter.

Recommendations: For version 2.36.4, consider disabling access to the vulnerable conference parameter until a patch is available. Restricting the use of this parameter can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-00632
CVE-2022-48020

Affected Products

Vinteo Vcc