Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton bigbluebutton vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2020-27613
The installation procedure in BigBlueButton prior to 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.
Bigbluebutton Bigbluebutton
5
CVSSv2
CVE-2020-27609
BigBlueButton up to and including 2.2.28 records a video meeting despite the deactivation of video recording in the user interface. This may result in data storage beyond what is authorized for a specific meeting topic or participant.
Bigbluebutton Bigbluebutton
4.3
CVSSv2
CVE-2020-27608
In BigBlueButton prior to 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
Bigbluebutton Bigbluebutton
3.5
CVSSv2
CVE-2022-27238
BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a...
Bigbluebutton Bigbluebutton
4.3
CVSSv2
CVE-2020-29042
An issue exists in BigBlueButton up to and including 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code.
Bigbluebutton Bigbluebutton
4
CVSSv2
CVE-2020-28953
In BigBlueButton prior to 2.2.29, a user can vote more than once in a single poll.
Bigbluebutton Bigbluebutton
5
CVSSv2
CVE-2020-28954
web/controllers/ApiController.groovy in BigBlueButton prior to 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.
Bigbluebutton Bigbluebutton
5
CVSSv2
CVE-2020-29043
An issue exists in BigBlueButton up to and including 2.2.29. When at attacker is able to view an account_activations/edit?token= URI, the attacker can create an approved user account associated with an email address that has an arbitrary domain name.
Bigbluebutton Bigbluebutton
NA
CVE-2020-27601
In BigBlueButton prior to 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.
Bigbluebutton Bigbluebutton
NA
CVE-2020-27602
BigBlueButton prior to 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.
Bigbluebutton Bigbluebutton
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »