Home > Vulnerability Database > CVE-2021-39205

Mend.io Vulnerability Database

CVE-2021-39205

Good to know:

Date: September 15, 2021

Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.

Language: JS

Severity Score

6.1

Related Resources (6)

Url: https://github.com/jitsi/jitsi-meet/pull/9320

Url: https://hackerone.com/reports/1214493

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-39205

Url: https://github.com/jitsi/jitsi-meet/pull/9404

Url: https://github.com/jitsi/jitsi-meet/security/advisories/GHSA-6582-8v9q-v3fg

Url: https://www.mend.io/vulnerability-database/CVE-2021-39205

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version 2.0.6173

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-39205

Good to know:

Date: September 15, 2021

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?