Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-31064
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with xss in the name) starts a chat. in the victim's client the Jav...
Bigbluebutton Bigbluebutton 2.5
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.3.0
Bigbluebutton Bigbluebutton 2.4.9
6.1
CVSSv3
CVE-2022-31065
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript...
Bigbluebutton Bigbluebutton 2.5
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.3.0
Bigbluebutton Bigbluebutton 2.4.9
4.3
CVSSv3
CVE-2022-41961
BigBlueButton is an open source web conferencing system. Versions before 2.4-rc-6 are subject to Ineffective user bans. The attacker could register multiple users, and join the meeting with one of them. When that user is banned, they could still join the meeting with the remainin...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
2.7
CVSSv3
CVE-2022-41962
BigBlueButton is an open source web conferencing system. Versions before 2.4-rc-6, and 2.5-alpha-1 contain Incorrect Authorization for setting emoji status. A user with moderator rights can use the clear status feature to set any emoji status for other users. Moderators should on...
Bigbluebutton Bigbluebutton 2.4
Bigbluebutton Bigbluebutton
5.4
CVSSv3
CVE-2023-43797
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was a...
Bigbluebutton Bigbluebutton 2.7.0
Bigbluebutton Bigbluebutton
5.4
CVSSv3
CVE-2023-43798
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclien...
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.7.0
8.8
CVSSv3
CVE-2023-42803
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validat...
Bigbluebutton Bigbluebutton 2.6.0
Bigbluebutton Bigbluebutton
5.3
CVSSv3
CVE-2023-42804
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain ex...
Bigbluebutton Bigbluebutton 2.6.0
Bigbluebutton Bigbluebutton
7.5
CVSSv3
CVE-2022-29169
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and before 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service fo...
Bigbluebutton Bigbluebutton 2.5
Bigbluebutton Bigbluebutton
6.5
CVSSv3
CVE-2022-29232
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a pa...
Bigbluebutton Bigbluebutton
Bigbluebutton Bigbluebutton 2.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »