Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton bigbluebutton vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-4143
Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton before 2.4.0.
Bigbluebutton Bigbluebutton
NA
CVE-2022-41963
BigBlueButton is an open source web conferencing system. Versions before 2.4.3 contain a whiteboard grace period that exists to handle delayed messages, but this grace period could be used by malicious users to take actions in the few seconds after their access is revoked. The at...
Bigbluebutton Bigbluebutton
NA
CVE-2022-41960
BigBlueButton is an open source web conferencing system. Versions before 2.4.3, are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to `validateAuthToken` using a victim's userId, meetingId, and an...
Bigbluebutton Bigbluebutton
4
CVSSv2
CVE-2020-28953
In BigBlueButton prior to 2.2.29, a user can vote more than once in a single poll.
Bigbluebutton Bigbluebutton
5
CVSSv2
CVE-2020-28954
web/controllers/ApiController.groovy in BigBlueButton prior to 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.
Bigbluebutton Bigbluebutton
4
CVSSv2
CVE-2020-25820
BigBlueButton prior to 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.
Bigbluebutton Bigbluebutton
5
CVSSv2
CVE-2020-12112
BigBlueButton prior to 2.2.5 allows remote malicious users to obtain sensitive files via Local File Inclusion.
Bigbluebutton Bigbluebutton
1 Github repository
4
CVSSv2
CVE-2022-29234
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s any lock setting in the meeting was changed. The attacker needs to be a participan...
Bigbluebutton Bigbluebutton
NA
CVE-2022-23490
BigBlueButton is an open source web conferencing system. Versions before 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the ...
Bigbluebutton Bigbluebutton
4.3
CVSSv2
CVE-2020-12113
BigBlueButton prior to 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.
Bigbluebutton Bigbluebutton
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »