CVE-2025-66823

← CVEs

MED 5.4

Published

2025-12-30

Last Modified

2026-01-07

Affected Apps

Affected Devices

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page ([conference url]/info).

Affected Applications in Environment 5

FileMaker Server v15.0.3 (10-27-2016)

1 device

SQL Server Management Studio v15.0.18424.

1 device

libvncserver v0.9.11-17.el8

5 devices

libvncserver v0.9.9-14.el7_8.1

1 device

libvncserver v0.9.11-17.el8

1 device

Affected Devices 9

EDUCDB1 Windows RVS112-03 Windows chela03 Linux chela04 Linux chela05 Linux dpapsb-161390.aggies.usu.edu Linux dpapsb-191594.mypc.usu.edu Linux eprocdev.banner.usu.edu Linux guru.cluster Linux

References 3

https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66823/README.md
https://trueconf.com
https://github.com/x00nullbit/CVE-References/blob/main/CVE-2025-66823/README.md