#VU77151 Code Injection in Zoom Video Communications, Inc. products - CVE-2023-28599
Published: June 12, 2023
Vulnerability identifier: #VU77151
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-28599
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Zoom Workplace Desktop App for Windows
Zoom Workplace Desktop App for macOS
Zoom Workplace Desktop App for Linux
Zoom Workplace App for Android
Zoom Workplace App for iOS
Software vendor:
Zoom Video Communications, Inc.
Description
The vulnerability allows a remote user to perform a spoofing attack.
The vulnerability exists due to improper input validation when processing HTML code. A remote user can inject arbitrary HTML code into their display name and force the victim to visit a malicious website during meeting creation.
Remediation
Install updates from the vendor's website.