CVE-2023-28599

Summary

Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.

Affected Software

VendorProductVersion RangeStatus
Zoom Video Communications, Inc.Zoom for Androidbefore 5.13.10affected
Zoom Video Communications, Inc.Zoom for iOSbefore 5.13.10affected
Zoom Video Communications, Inc.Zoom for Linuxbefore 5.13.10affected
Zoom Video Communications, Inc.Zoom for macOSbefore 5.13.10affected
Zoom Video Communications, Inc.Zoom for Windowsbefore 5.13.10affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References