PT-2023-21838 · Zoom · Zoom
Published: 2023-06-13 · Updated: 2024-09-19 · CVE-2023-28599
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Zoom versions prior to 5.13.10
Description
A malicious user can inject HTML into their display name. When the manipulated display name is processed during meeting creation, a victim can potentially be redirected to an unintended, malicious website.
Recommendations
Update Zoom to version 5.13.10 or later to resolve the issue. As a temporary workaround, consider restricting the ability for users to modify their display names until the update is applied.
Fix
Special Elements Injection
XSS
Affected Products
Zoom