HTML Injection Vulnerability in Zoom for Linux Clients
CVE-2023-28598

6.5MEDIUM

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom For Linux Clients
Vendor: CVE Published:; 13 June 2023

🔔 Create Zoom Video Communications, Inc. Vulnerability Alert

What is CVE-2023-28598?

Zoom for Linux clients prior to version 5.13.10 are affected by an HTML injection vulnerability. This flaw occurs when a victim engages in a chat with a malicious user, potentially leading to a crash of the Zoom application. It highlights the importance of ensuring software is updated to mitigate risks associated with exploitable vulnerabilities.

Affected Version(s)

Zoom for Linux clients before 5.13.10

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2023
Vulnerability Reserved
Mar 17, 2023