VYPR
Unrated severityNVD Advisory· Published Sep 15, 2021· Updated Aug 4, 2024

DOM-based XSS/Content Spoofing via Prototype Pollution

CVE-2021-39205

Description

Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Jitsi/Jitsi Meetllm-fuzzy2 versions
    <2.0.6173+ 1 more
    • (no CPE)range: <2.0.6173
    • (no CPE)range: < 2.0.6173

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.