miroslavpejic85/mirotalksfu

miroslavpejic85/mirotalksfu

sfu.mirotalk.com

Releases0

Stars3K

🏆 Self-hosted, open-source WebRTC video conferencing platform for real-time communication and collaboration. A modern alternative to Zoom, built on SFU architecture.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-44731 ↗	Oct 11, 2024Friday, 11 October 2024, 17:15	4.7 MEDIUM	—
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections.
CVE-2024-44734 ↗	Oct 11, 2024Friday, 11 October 2024, 17:15	7.5 HIGH	—
Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server.
CVE-2024-44729 ↗	Oct 11, 2024Friday, 11 October 2024, 16:15	7.5 HIGH	—
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting.
CVE-2024-44730 ↗	Oct 11, 2024Friday, 11 October 2024, 16:15	9.1 CRITICAL	—
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.