CVE-2023-28598: XSS
First published: Tue Jun 13 2023(Updated: )
Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash.
Credit: security@zoom.us security@zoom.us
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zoom Zoom Linux kernel | <5.13.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28598?
CVE-2023-28598 is a vulnerability found in Zoom for Linux clients prior to version 5.13.10 that allows for HTML injection.
How does the HTML injection vulnerability in Zoom for Linux clients work?
The HTML injection vulnerability in Zoom for Linux clients allows a malicious user to crash the Zoom application by starting a chat with a victim.
What is the severity of CVE-2023-28598?
The severity of CVE-2023-28598 is high, with a CVSS score of 6.5.
How do I know if I am affected by CVE-2023-28598?
If you are using Zoom for Linux clients prior to version 5.13.10, you are potentially affected by CVE-2023-28598.
How can I fix CVE-2023-28598?
To fix CVE-2023-28598, you should update your Zoom for Linux client to version 5.13.10 or later.
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/references
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/zoom
- canonical/zoom zoom linux kernel