Skip to main content

Zoom CVE-2023-28598

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-06-13 security@zoom.us
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 13, 2023 - 17:15 nvd
MEDIUM 6.5

DescriptionNVD

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash.

AnalysisAI

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash. Affected products include: Zoom. Version information: prior to 5.13.10.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

More in Zoom

View all
CVE-2017-15049 HIGH POC
8.8 Dec 19

The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when c

CVE-2017-15048 HIGH POC
8.8 Dec 19

Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote

CVE-2020-6109 CRITICAL POC
9.8 Jun 08

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including anima

CVE-2018-15715 CRITICAL POC
9.8 Nov 30

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0

CVE-2020-6110 HIGH POC
8.8 Jun 08

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages incl

CVE-2019-13567 HIGH POC
8.8 Jul 12

The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-134

CVE-2026-1368 HIGH POC
7.5 Feb 18

Video Conferencing with Zoom WordPre versions up to 4.6.6 is affected by improper authentication (CVSS 7.5).

CVE-2019-13450 MEDIUM POC
6.5 Jul 09

In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a v

CVE-2019-13449 MEDIUM POC
6.5 Jul 09

In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a s

CVE-2026-22844 CRITICAL
9.9 Jan 20

Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 have a CVSS 9.9 command injection vulnerability allowing m

CVE-2024-24691 CRITICAL
9.8 Feb 14

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Wind

CVE-2023-39213 CRITICAL
9.8 Aug 08

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may all

Share

CVE-2023-28598 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy