Description

Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.

Related CPE's

a

zoom

meeting_software_development_kit

5

a

zoom

rooms

4

a

zoom

rooms_controller

4

a

zoom

workplace

2

a

zoom

workplace_desktop

3

a

zoom

workplace_virtual_desktop_infrastructure

2

References

https://www.zoom.com/en/trust/security-bulletin/zsb-25013

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-352

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

4.6 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-04-08T15:15:37.080Z

11 months ago

Last modified

2025-10-28T16:07:44.403Z

4 months ago