PT-2025-54221 · Trueconf · Trueconf

X00Nullbit · Published 2025-12-30 · Updated 2026-01-02 · CVE-2025-66823

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

TrueConf versions 5.5.2.10813

Description

A flaw exists in TrueConf server version 5.5.2.10813 that allows for the injection of arbitrary HTML code through the conference description field. This issue is present in the Create/Edit conference functionality and is triggered when a victim accesses the Conference Info page at the URL /info. The injected HTML can be used to compromise the integrity of the displayed information.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input for the conference description field to prevent HTML injection.
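
The workaround above, sketched as an added example (not TrueConf code and not part of the original advisory): the description is encoded as text when it is rendered, and descriptions saved before the fix are audited for markup. The function names, the plain-text-only policy and the sample records are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser


class _TagCollector(HTMLParser):
    """Records every start tag the HTML parser recognises in a string."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        # Also reached for self-closing tags via the default handle_startendtag.
        self.tags.append(tag)


def find_markup(description: str) -> list[str]:
    """Return the tag names an HTML parser sees in a stored description."""
    collector = _TagCollector()
    collector.feed(description)
    collector.close()
    return collector.tags


def render_description(description: str) -> str:
    """Encode the description as text for an element body, keeping line breaks."""
    escaped = html.escape(description, quote=True)
    return "<p>" + escaped.replace("\r\n", "\n").replace("\n", "<br>") + "</p>"


def audit(records: dict[int, str]) -> dict[int, list[str]]:
    """Map conference id -> tags found, for descriptions saved before the fix."""
    return {cid: tags for cid, d in records.items() if (tags := find_markup(d))}


# Constructed sample records (hypothetical ids and text, not real TrueConf data).
SAMPLE = {
    1: "Weekly sync\nAgenda: budget < 10k & hiring",
    2: 'Slides: <a href="https://example.invalid/">open</a>',
    3: "Notes <b>moved</b><img src=x>",
}

if __name__ == "__main__":
    for cid, tags in audit(SAMPLE).items():
        print(cid, tags, "->", render_description(SAMPLE[cid]))
```

Encoding at output time protects the /info view even for records that already contain markup, while the audit shows which stored descriptions to review.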

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-04921
CVE-2025-66823

Affected Products

Trueconf