CVE-2024-44080

HIGH

8x8 jitsi_meet < 2.0.9779 - Cross-Site Scripting via Giphy Image URL

Title source: llm
STIX 2.1

Description

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format.

Scores

CVSS v3 7.5
EPSS 0.0052
EPSS Percentile 40.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
8x8/jitsi_meet < 2.0.9779
Published Oct 29, 2024
Tracked Since Feb 18, 2026