cbcvebase.
CVE-2023-28599
published 2023-06-13

CVE-2023-28599: Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim…

PriorityP418medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
EPSS
0.73%
49.5th percentile
Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.

Affected

6 ranges
VendorProductVersion rangeFixed in
zoomzoom< 5.13.105.13.10
zoom_video_communications_inczoom_for_android
zoom_video_communications_inczoom_for_ios
zoom_video_communications_inczoom_for_linux
zoom_video_communications_inczoom_for_macos
zoom_video_communications_inczoom_for_windows
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.