Impact
Potential for client-side XSS via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability.
Patches
Fixes are in these PRs: #9320, #9404
Affects unstable versions of jitsi-meet prior to jitsi-meet_5991. Fixed by stable/jitsi-meet_6173
Workarounds
None.
References
This was initially reported via the 8x8 HackerOne vulnerability disclosure program at https://hackerone.com/8x8?type=team
Report link: https://hackerone.com/reports/1214493
For more information
If you have any questions or comments about this advisory: