Skip to main content

Jitsi Meet

5 CVEs product

Monthly

CVE-2024-44081 CRITICAL PATCH Act Now

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jitsi Meet
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2024-44080 HIGH This Week

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jitsi Meet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-39215 HIGH PATCH This Week

Jitsi Meet is an open source video conferencing application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Jitsi Meet
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-39205 MEDIUM PATCH This Month

Jitsi Meet is an open source video conferencing application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jitsi Meet
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-33506 HIGH PATCH This Week

jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Jitsi Meet
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jitsi Meet
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jitsi Meet
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Jitsi Meet is an open source video conferencing application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Jitsi Meet
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Jitsi Meet is an open source video conferencing application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jitsi Meet
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Jitsi Meet
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy