Stored XSS Vulnerabilities in ZOOM International Call Recording by ZOOM International
CVE-2019-18223
5.4MEDIUM
What is CVE-2019-18223?
The application ZOOM International Call Recording version 6.3.1 is susceptible to multiple authenticated stored Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities can be exploited through specific fields including phoneNumber in the User Edit and User Add forms, name in the Role Add form, name or number in the Edit Group form, and both tagKey and tagValue in the Recording Rules Configuration. Additionally, vulnerabilities exist in the txt_69735:/VemailAddress/value and txt_75767:/VemailFrom/value fields within the callrec/config. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary JavaScript within the context of the user's browser.
