CVE-2023-34121 MEDIUM

CVE-2023-34121

Vendor Zoom Video Communications, Inc.
Product Zoom for Windows
Weakness CWE-79 · XSS
Published June 13, 2023
Last update January 2, 2025
View on NVD All CVEs

CVSS base score

4.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.

Key dates

02Disclosure timeline

June 13, 2023 CVE published
January 2, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-28535 WordPress Paytm Payment Donation Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) CVE-2021-41188 Authenticated Stored XSS in Administration CVE-2025-23658 WordPress Advanced Angular Contact Form plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-11759 Bukza <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2026-5711 Post Blocks & Tools <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute