Low
CVSS 3.5
Overview
Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.
CVE-2025-49462
Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an ...
Risk analysis
This vulnerability is rated 🟢 LOW.
- CVSS: 3.5 (LOW)
- Detected tags: xss (tag impact: MODERATE)
Recommended actions:
- Apply context-aware output encoding.
- Enable Content-Security-Policy and HttpOnly/SameSite cookies.