miroslavpejic85/mirotalk

miroslavpejic85/mirotalk

p2p.mirotalk.com

Releases0

Stars3.48K

🚀 WebRTC - P2P - Simple, Secure, Fast Real-Time Video Conferences Up to 8k and 60fps, compatible with all browsers and platforms.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-44731 ↗	Oct 11, 2024Friday, 11 October 2024, 17:15	4.7 MEDIUM	—
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections.
CVE-2024-44734 ↗	Oct 11, 2024Friday, 11 October 2024, 17:15	7.5 HIGH	—
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.
CVE-2024-44729 ↗	Oct 11, 2024Friday, 11 October 2024, 16:15	7.5 HIGH	—
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting.
CVE-2024-44730 ↗	Oct 11, 2024Friday, 11 October 2024, 16:15	9.1 CRITICAL	—
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.
CVE-2023-27054 ↗	Mar 22, 2023Wednesday, 22 March 2023, 22:15	6.1 MEDIUM	—
A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.