CVE-2023-39208 MEDIUM

CVE-2023-39208

Vendor Zoom Video Communications, Inc.

Product Zoom Desktop Client for Linux

Weakness CWE-79 · XSS

Published September 12, 2023

Last update September 27, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.

Key dates

02Disclosure timeline

September 12, 2023 CVE published

September 27, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-39208

Related vulnerabilities

04Related CVE

CVE-2026-3350 Image Alt Text Manager <= 1.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Title CVE-2021-36027 Magento Commerce Stored Cross-site Scripting Vulnerability CVE-2024-27960 WordPress Email Subscription Popup plugin <= 1.2.20 - Cross Site Scripting (XSS) vulnerability CVE-2025-63032 WordPress Consulting theme <= 1.5.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-35782 WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability

Identifiers

CVE CVE-2023-39208

CWE CWE-79

CVSS 6.5 / MEDIUM

Affected versions

Vendor Zoom Video Communications, Inc.

Product Zoom Desktop Client for Linux

Affected before version 5.15.10