CVE-2025-66823

Medium CVSS: 5.4

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page ([conference url]/info).

Vendor

Trueconf

Product

Server

CWE

CWE-79

Yayın Tarihi

2025-12-30 20:16:01

Güncelleme

2026-01-07 15:39:03

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Server MEDIUM Trueconf 2025

Referanslar

https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66823/README.md https://trueconf.com https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66823/README.md

Benzer Kayıtlar

High

CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is abl…

High

CVE-2025-66824

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference fun…

High

CVE-2025-66834

A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadshe…

High

CVE-2025-66835

TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary…