Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bigbluebutton vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-12443
BigBlueButton prior to 2.2.6 allows remote malicious users to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traver...
Bigbluebutton Bigbluebutton
1 Github repository
383
VMScore
CVE-2021-4143
Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton before 2.4.0.
Bigbluebutton Bigbluebutton
NA
CVE-2022-41964
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the...
Bigbluebutton Bigbluebutton 2.4
NA
CVE-2023-39991
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindside Networks BigBlueButton plugin <= 3.0.0-beta.4 versions.
Blindsidenetworks Bigbluebutton 3.0.0
Blindsidenetworks Bigbluebutton
605
VMScore
CVE-2020-26163
BigBlueButton Greenlight prior to 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
Bigbluebutton Greenlight
445
VMScore
CVE-2022-31039
Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This iss...
Bigbluebutton Greenlight
383
VMScore
CVE-2020-27642
A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.
Bigbluebutton Greenlight 2.7.6
312
VMScore
CVE-2022-26497
BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the att...
Bigbluebutton Greenlight 2.11.1
NA
CVE-2023-5543
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
Moodle Moodle
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 38
NA
CVE-2022-36028
Greenlight is an end-user interface for BigBlueButton servers. Versions before 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »