CVE-2025-66823

Published: Dic 30, 2025 Last Modified: Gen 07, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,4
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: changed
Confidentiality: low
Integrity: low
Availability: none

Description

AI Translation Available

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page ([conference url]/info).

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0003
Percentile
0,1th
Updated

EPSS Score Trend (Last 76 Days)

79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Confidentiality Integrity Availability
Potential Impacts:
Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
Likelihood of Exploit: High
View CWE Details
Application

Server by Trueconf

Product Information
Vendor Trueconf
Product Server
Version 5.5.2.10813
cpe:2.3:a:trueconf:server:5.5.2.10813:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/x00nullbit/CVE-References/blob/main/CVE-…
https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66823/README.md
https://github.com/x00nullbit/CVE-References/blob/main/CVE-…
https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66823/README.md
https://trueconf.com
https://trueconf.com