CVE-2022-31064

Published: 27/06/2022 | Updated: 07/07/2022
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 187
Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N

Vulnerability Summary

BigBlueButton is an open source web conferencing system. In affected versions, users in meetings with private chat enabled are vulnerable to a cross-site scripting (XSS) attack. The attack occurs when an attacker whose name contains an XSS payload starts a chat: the JavaScript is then executed in the victim's client. This issue has been addressed in versions 2.4.8 and 2.5.0. There are no known workarounds for this issue.

Vulnerable Product

bigbluebutton bigbluebutton 2.5

bigbluebutton bigbluebutton

bigbluebutton bigbluebutton 2.3.0

bigbluebutton bigbluebutton 2.4.9

Exploits

BigBlueButton versions 2.3, prior to 2.4.8, and prior to 2.5.0 suffer from a persistent cross-site scripting vulnerability ...