bigbluebutton vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-12113
BigBlueButton prior to 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.
Bigbluebutton Bigbluebutton
9.8
CVSSv3
CVE-2020-12443
BigBlueButton prior to 2.2.6 allows remote malicious users to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traver...
Bigbluebutton Bigbluebutton
1 Github repository
5.7
CVSSv3
CVE-2022-41964
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the...
Bigbluebutton Bigbluebutton 2.4
6.1
CVSSv3
CVE-2023-39991
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindside Networks BigBlueButton plugin <= 3.0.0-beta.4 versions.
Blindsidenetworks Bigbluebutton 3.0.0
Blindsidenetworks Bigbluebutton
8.8
CVSSv3
CVE-2020-26163
BigBlueButton Greenlight prior to 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
Bigbluebutton Greenlight
5.3
CVSSv3
CVE-2022-31039
Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This iss...
Bigbluebutton Greenlight
5.4
CVSSv3
CVE-2022-26497
BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the att...
Bigbluebutton Greenlight 2.11.1
6.1
CVSSv3
CVE-2020-27642
A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.
Bigbluebutton Greenlight 2.7.6
3.3
CVSSv3
CVE-2023-5543
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
Moodle Moodle
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 38
NA
CVE-2022-36028
Greenlight is an end-user interface for BigBlueButton servers. Versions before 2.13.0 have an open redirect vulnerability in the Login page due to the unchecked value of the `return_to` cookie. Version 2.13.0 contains a patch for the issue.