Caio Fook

3 exploits Active since Oct 2024
CVE-2024-44729 WRITEUP HIGH WRITEUP
Mirotalk <9de226 - Privilege Escalation
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting.
CVSS 7.5
CVE-2024-44730 WRITEUP CRITICAL WRITEUP
Mirotalk <c21d58 - Info Disclosure
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.
CVSS 9.1
CVE-2024-44731 WRITEUP MEDIUM WRITEUP
Mirotalk <9de226 - XSS
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections.
CVSS 4.7