Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton bigbluebutton vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-12112
BigBlueButton prior to 2.2.5 allows remote malicious users to obtain sensitive files via Local File Inclusion.
Bigbluebutton Bigbluebutton
1 Github repository
6.1
CVSSv3
CVE-2020-12113
BigBlueButton prior to 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.
Bigbluebutton Bigbluebutton
5.7
CVSSv3
CVE-2022-41964
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the...
Bigbluebutton Bigbluebutton 2.4
6.1
CVSSv3
CVE-2023-39991
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindside Networks BigBlueButton plugin <= 3.0.0-beta.4 versions.
Blindsidenetworks Bigbluebutton 3.0.0
Blindsidenetworks Bigbluebutton
5.3
CVSSv3
CVE-2022-31039
Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This iss...
Bigbluebutton Greenlight
8.8
CVSSv3
CVE-2020-26163
BigBlueButton Greenlight prior to 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
Bigbluebutton Greenlight
5.4
CVSSv3
CVE-2022-26497
BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the att...
Bigbluebutton Greenlight 2.11.1
6.1
CVSSv3
CVE-2020-27642
A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.
Bigbluebutton Greenlight 2.7.6
3.3
CVSSv3
CVE-2023-5543
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
Moodle Moodle
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 38
NA
CVE-2022-36028
Greenlight is an end-user interface for BigBlueButton servers. Versions before 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »