CVE-2021-39205
DOM-based XSS/Content Spoofing via Prototype PollutionJitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.
We have discovered 5 live websites that are affected by CVE-2021-39205.
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Sep 15, 2021
- Updated - Aug 4, 2024
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2021-39205 United States | 2 websites |
 France | 1 websites |
 Italy | 1 websites |
 Netherlands | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2021-39205| .com | 5 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2021-39205
Top websites that are affected by CVE-2021-39205. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******************.com | France | *,***,*** | |
| ***************.com | United States | **,***,*** | |
| *******.********.com | United States | **,***,*** | |
| ************.com | Netherlands | **,***,*** | |
| ******.com | Italy | ***,***,*** |
FAQ
CVE-2021-39205 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jitsi
A total of 5 websites have been identified as vulnerable to CVE-2021-39205, based on global website indexing conducted by WebTechSurvey.
The Jitsi is affected by the CVE-2021-39205 vulnerability.
Jitsi versions up to 2.0.6173 are vulnerable to CVE-2021-39205.
CVE-2021-39205 is resolved in version 2.0.6173 of Jitsi.