← back
CVE-2021-26812

CVE-2021-26812

EPSS 97.5%
Vexday Risk Score
40Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS EPSS 97.5%KEV nãoPoC Nuclei simMetasploit Patch
Lifecycle
14 Apr 2021Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/udima-university/moodle-mod_jitsi/issues/67