PT-2023-23017 · Avideo · Avideo

Gonzxph · Published 2023-05-01 · Updated 2023-05-17 · CVE-2023-30860

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 12.4

Description: The issue arises from the failure to properly sanitize malicious characters when creating a Meeting Room in AVideo, allowing an attacker to insert malicious scripts. This can lead to cookie hijacking and takeover of any accounts, including those of administrators, as any user can see the meeting room created by the attacker.

Recommendations: For versions prior to 12.4, update to version 12.4 to resolve the issue. As a temporary workaround, consider restricting access to the Meeting Schedule feature until the update is applied. Additionally, avoid using the "Meet topic" field for any potentially malicious input until the issue is resolved.
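The defect described above is a stored XSS in a field that is later rendered to every viewer. The following PHP is an added illustration, not AVideo's own code: it shows the weak rendering beside the hardened one, plus the session-cookie setting that limits cookie theft if an injection does slip through. The `$meeting` array, its `topic` key and the `h()` helper name are assumptions made for this example.

```php
<?php
// Added example (not AVideo's own code): rendering a meeting's "Meet topic"
// safely. $meeting is a hypothetical array shaped like one row of the
// meeting-schedule table; the field name 'topic' is an assumption.

declare(strict_types=1);

// Encode a value for an HTML text node or a double-quoted attribute.
// ENT_QUOTES escapes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string (which would silently drop the topic).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak: the topic is interpolated verbatim, so markup supplied by the
// room creator is parsed by the browser of every user viewing the list.
function renderMeetingRowUnsafe(array $meeting): string
{
    return '<tr><td title="' . $meeting['topic'] . '">'
         . $meeting['topic'] . '</td></tr>';
}

// Hardened: every interpolation goes through h(), in both the
// attribute context and the text-node context.
function renderMeetingRowSafe(array $meeting): string
{
    return '<tr><td title="' . h($meeting['topic']) . '">'
         . h($meeting['topic']) . '</td></tr>';
}

// Defence in depth against cookie hijacking: an HttpOnly session cookie is
// not readable from script. Must be called before session_start().
function hardenSessionCookie(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed sample: a topic carrying markup, as a tester would submit it.
$meeting = ['topic' => 'Weekly sync <script>alert(1)</script>'];

echo renderMeetingRowUnsafe($meeting), PHP_EOL; // script element reaches the page
echo renderMeetingRowSafe($meeting), PHP_EOL;   // markup rendered as inert text
```

The same encoding must be applied wherever the topic is displayed (list, detail page, notifications), since fixing one view leaves the stored payload live in the others.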

Weakness Enumeration

XSS

Related Identifiers

CVE-2023-30860
GHSA-XR9H-P2RC-RPQM

Affected Products

Avideo