Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2022-31065
HistoryJun 27, 2022 - 8:15 p.m.

CVE-2022-31065

2022-06-2720:15:08
CWE-79
[email protected]
web.nvd.nist.gov
3
bigbluebutton
web conferencing
javascript execution
cve-2022-31065
client-side attack
security patch

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.8%

JSON

BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim’s client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. Additionally when the victim receives a notification that the attacker has left the session. This issue has been patched in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.

Affected configurations

Nvd
Node
bigbluebuttonbigbluebuttonRange2.42.4.8
OR
bigbluebuttonbigbluebuttonMatch2.3.0
OR
bigbluebuttonbigbluebuttonMatch2.4.9
OR
bigbluebuttonbigbluebuttonMatch2.5alpha1
OR
bigbluebuttonbigbluebuttonMatch2.5alpha2
OR
bigbluebuttonbigbluebuttonMatch2.5alpha3
OR
bigbluebuttonbigbluebuttonMatch2.5alpha4
OR
bigbluebuttonbigbluebuttonMatch2.5alpha5
OR
bigbluebuttonbigbluebuttonMatch2.5alpha6
OR
bigbluebuttonbigbluebuttonMatch2.5beta1
OR
bigbluebuttonbigbluebuttonMatch2.5beta2
OR
bigbluebuttonbigbluebuttonMatch2.5rc.1
OR
bigbluebuttonbigbluebuttonMatch2.5rc.2
OR
bigbluebuttonbigbluebuttonMatch2.5rc.3
OR
bigbluebuttonbigbluebuttonMatch2.5rc.4
VendorProductVersionCPE
bigbluebuttonbigbluebutton*cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.3.0cpe:2.3:a:bigbluebutton:bigbluebutton:2.3.0:*:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.4.9cpe:2.3:a:bigbluebutton:bigbluebutton:2.4.9:*:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha1:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha2:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha3:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha4:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha5:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha6:*:*:*:*:*:*
bigbluebuttonbigbluebutton2.5cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:beta1:*:*:*:*:*:*
Rows per page:
1-10 of 151

Related

osv 1
cve 1
prion 1
cnvd 1
cvelist 1
osv
osv
CVE-2022-31065
2022-06-27 20:15:08
cve
cve
CVE-2022-31065
2022-06-27 20:15:08
prion
prion
Design/Logic Flaw
2022-06-27 20:15:00
cnvd
cnvd
BigBlueButton Cross-Site Scripting Vulnerability (CNVD-2022-58952)
2022-06-30 00:00:00
cvelist
cvelist
CVE-2022-31065 Cross site scripting vulnerability for private chat in bigbluebutton
2022-06-27 19:45:21

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

30.8%

JSON
Related for NVD:CVE-2022-31065
osv1cve1prion1cnvd1cvelist1