exploitDog

CVE-2025-66823

Опубликовано: 30 дек. 2025

Источник: nvd

CVSS3: 5.4

CVSS3: 3.5

EPSS Низкий

Описание

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page ([conference url]/info).

Ссылки

https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66823/README.md
Exploit
Third Party Advisory
https://trueconf.com
Product
https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66823/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trueconf:server:5.5.2.10813:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-86hp-crvx-3qvr

CVSS3: 3.5

github

около 1 месяца назад

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page ([conference url]/info).

EPSS

Процентиль: 9%

0.00033

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS3

Дефекты

CWE-79