{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T22:55:53.242","vulnerabilities":[{"cve":{"id":"CVE-2025-66824","sourceIdentifier":"cve@mitre.org","published":"2025-12-30T19:15:44.580","lastModified":"2026-01-07T15:41:22.697","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meeting_room parameter and executed when users visit the Conference Info page, allowing attackers to achieve full Account Takeover (ATO). This issue is caused by improper sanitization of user-supplied input in the meeting_room field."},{"lang":"es","value":"Una vulnerabilidad de cross-site scripting (XSS) almacenado existe en el campo de ubicación de la reunión de la funcionalidad de Crear/Editar Conferencia en TrueConf Server v5.5.2.10813. La carga útil inyectada se almacena a través del parámetro meeting_room y se ejecuta cuando los usuarios visitan la página de información de la conferencia, permitiendo a los atacantes lograr una toma de control total de la cuenta (ATO). Este problema es causado por una sanitización inadecuada de la entrada proporcionada por el usuario en el campo meeting_room."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":5.2}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trueconf:server:5.5.2.10813:*:*:*:*:*:*:*","matchCriteriaId":"8059D00D-F6AA-4CA7-ADCA-32B34F21D726"}]}]}],"references":[{"url":"https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66824/README.md","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://trueconf.com","source":"cve@mitre.org","tags":["Product"]},{"url":"https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66824/README.md","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}