Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2022-31065
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript...
Bigbluebutton Bigbluebutton 2.5
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.3.0
Bigbluebutton Bigbluebutton 2.4.9
2.1
CVSSv2
CVE-2022-31064
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with xss in the name) starts a chat. in the victim's client the Jav...
Bigbluebutton Bigbluebutton 2.5
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.3.0
Bigbluebutton Bigbluebutton 2.4.9
NA
CVE-2022-41962
BigBlueButton is an open source web conferencing system. Versions before 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should on...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
NA
CVE-2023-43797
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was a...
Bigbluebutton Bigbluebutton 2.7.0
Bigbluebutton Bigbluebutton
NA
CVE-2023-43798
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclien...
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.7.0
NA
CVE-2022-23488
BigBlueButton is an open source web conferencing system. Versions before 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an malicious user to subscribe to viewers...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
5
CVSSv2
CVE-2022-29169
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and before 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service fo...
Bigbluebutton Bigbluebutton 2.5
Bigbluebutton Bigbluebutton
4
CVSSv2
CVE-2022-29232
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a pa...
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.4
4.3
CVSSv2
CVE-2022-29235
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the ...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
4
CVSSv2
CVE-2022-29236
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previous...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »