In its Whiteboard app, Zoom has fixed a cross-site scripting (XSS) flaw that affected both the desktop and web versions. By adding and changing various elements, users of Zoom Whiteboard can work together in real-time on a shared canvas. In both the browser and the desktop application, Whiteboard executes JavaScript code.
Security researcher Eugene Lim (also known as “spaceraccoon”) found the XSS flaw in Zoom Whiteboard. Lim’s research into Zoom Whiteboard stems from his focus on the intersections of web, mobile, desktop, and other platforms.