Filtered by vendor On24
Subscriptions
Filtered by product Screenshare
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34823 | 1 On24 | 1 Screenshare | 2024-11-21 | 9.1 Critical |
| The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it triggers a code path that will download a configuration file from a specified remote machine over HTTP. There is an XXE flaw in processing of this configuration file that allows reading local (to macOS) files and uploading them to remote machines. | ||||
Page 1 of 1.