Unrated severityNVD Advisory· Published Sep 15, 2021· Updated Aug 4, 2024
DOM-based XSS/Content Spoofing via Prototype Pollution
CVE-2021-39205
Description
Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.0.6173+ 1 more
- (no CPE)range: <2.0.6173
- (no CPE)range: < 2.0.6173
Patches
Vulnerability mechanics
References
4- github.com/jitsi/jitsi-meet/pull/9320mitrex_refsource_MISC
- github.com/jitsi/jitsi-meet/pull/9404mitrex_refsource_MISC
- github.com/jitsi/jitsi-meet/security/advisories/GHSA-6582-8v9q-v3fgmitrex_refsource_CONFIRM
- hackerone.com/reports/1214493mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.