CVE-2021-26812

MEDIUM NUCLEI

Jitsi Meet < 2.8.3 - XSS

Title source: rule

Description

Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application.

Nuclei Templates (1)

Moodle Jitsi Meet 2.7-2.8.3 - Cross-Site Scripting

MEDIUMby aceseven (digisec360)

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/udima-university/moodle-mod_jitsi/issues/67

Scores

CVSS v3 6.1

EPSS 0.1899

EPSS Percentile 95.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

jitsi/meet 2.7 - 2.8.3

Published Apr 14, 2021

Tracked Since Feb 18, 2026