Vulnerability Description
Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 8X8 | Jitsi Meet | < 2.0.6173 |
Related Weaknesses (CWE)
References
- https://github.com/jitsi/jitsi-meet/pull/9320PatchThird Party Advisory
- https://github.com/jitsi/jitsi-meet/pull/9404PatchThird Party Advisory
- https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-6582-8v9q-v3fgThird Party Advisory
- https://hackerone.com/reports/1214493Permissions Required
- https://github.com/jitsi/jitsi-meet/pull/9320PatchThird Party Advisory
- https://github.com/jitsi/jitsi-meet/pull/9404PatchThird Party Advisory
- https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-6582-8v9q-v3fgThird Party Advisory
- https://hackerone.com/reports/1214493Permissions Required
FAQ
What is CVE-2021-39205?
CVE-2021-39205 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not prop...
How severe is CVE-2021-39205?
CVE-2021-39205 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-39205?
Check the references section above for vendor advisories and patch information. Affected products include: 8X8 Jitsi Meet.