XSS Vulnerability in Jitsi Meet Moodle Plugin via sessionpriv.php Module

XSS Vulnerability in Jitsi Meet Moodle Plugin via sessionpriv.php Module

CVE-2021-26812 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application.

Learn more about our User Device Pen Test.