PT-2024-31229 · Mirotalk · Mirotalk
Caio Fook +3 · Published 2024-10-11 · Updated 2024-11-04 · CVE-2024-44731
CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Mirotalk versions before commit 9de226
Description
The issue is a DOM-based cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary code by sending crafted payloads in messages to other users over RTC connections.
Recommendations
For versions before commit 9de226, update to a version that includes commit 9de226 or later to resolve the issue. As a temporary workaround, consider restricting the use of message sending over RTC connections until a patch is available.
Fix
XSS
Affected Products
Mirotalk