Caio Fook

3 exploits | Active since Oct 2024
CVE-2024-44729 HIGH WRITEUP
Mirotalk <9de226 - Privilege Escalation
Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting.
CVSS 7.5
CVE-2024-44730 CRITICAL WRITEUP
Mirotalk - Incorrect Access Control in handleDataChannelChat Function
Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name.
CVSS 9.1
CVE-2024-44731 MEDIUM WRITEUP
Mirotalk - DOM-based Cross-Site Scripting via RTC Message Payload
Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users over RTC connections.
CVSS 4.7