web/controllers/ApiController.groovy in BigBlueButton prior to 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bigbluebutton bigbluebutton |