Moodle jitsi plugin XSS Vulnerability CVE-2021-26812 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

10

Moodle jitsi plugin XSS Vulnerability CVE-2021-26812 Scanner Detail

Remote attacker can perform a reflected cross site scripting attack (XSS) by injecting malicious payload.

Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application.

Some Advice for Common Problems

  • You need to apply related fixes.
  • Sanitize all parameters received as input from the user.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service