HTML Injection Vulnerability in TrueConf Server by TrueConf
CVE-2025-66823

3.5 LOW

Key Information:

Vendor: TrueConf
CVE Published: 30 December 2025

What is CVE-2025-66823?

An HTML injection vulnerability exists in TrueConf Server version 5.5.2.10813, in the conference description field. The flaw allows attackers to inject arbitrary HTML code through the Create/Edit conference functionality. When victims access the Conference Info page, their browsers may render the injected HTML, potentially leading to attacks such as phishing or unauthorized actions. Organizations using affected versions of TrueConf Server should take immediate steps to secure their systems.

CVSS V3.1

Score: 3.5
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
