Vulnerabilities (CVE)

Filtered by vendor On24 Subscribe
Filtered by product Screenshare
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-34823 1 On24 1 Screenshare 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 for macOS allows remote file access via its built-in HTTP server. This allows unauthenticated remote users to retrieve files accessible to the logged-on macOS user. When a remote user sends a crafted HTTP request to the server, it triggers a code path that will download a configuration file from a specified remote machine over HTTP. There is an XXE flaw in processing of this configuration file that allows reading local (to macOS) files and uploading them to remote machines.