Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meeting_room parameter and executed when users visit the Conference Info page, allowing attackers to achieve full Account Takeover (ATO). This issue is caused by improper sanitization of user-supplied input in the meeting_room field.

INFO

Published Date :

2025-12-30T00:00:00.000Z

Last Modified :

2026-01-02T14:51:23.374Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66824 vulnerability.

Vendors Products
Trueconf
  • Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66824.

URL Resource
https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66824/README.md cve-icon cve-icon cve-icon
https://trueconf.com cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact