Reflected Cross-Site Scripting (XSS)
D. Kiryukhin (Office Moscow) | SEQ LLC
Vinteo Video Core is a software server, the core of video conferencing and communication system.
With Vinteo Video Core, you can connect up to 1,000 participants to videoconferencing simultaneously.
The solution supports advanced WebRTC technology, which allows you to connect to videoconferencing
using a browser directly and does not require the installation of specialized software.
The vendor provides a patch with new version of product and users of this product are urged to immediately upgrade to the latest version available.
SEQ LLC recommends to perform a thorough security review conducted by security professionals to identify and resolve all security issues.
Reflected Cross-Site Scripting (CVE-2022-48020)
The following version was tested and found to be vulnerable:
2022-10-25: Contacting vendor through email
2022-12-21: Contacting vendor through email with information about applying to MITRE
The vendor provides an updated version which should be installed immediately:
EOF D. Kiryukhin / @2022