CVE-2020-27642

2020-10-2213:15:15

Google

osv.dev

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.0%

JSON

A cross-site scripting (XSS) vulnerability exists in the ‘merge account’ functionality in admins.js in BigBlueButton Greenlight 2.7.6.

CPENameOperatorVersion
greenlighteqrelease-2.4
greenlighteqrelease-2.1.2
greenlighteqrelease-2.7.6
greenlighteqrelease-2.6.2
greenlighteqrelease-2.2.3
greenlighteqrelease-2.5.3
greenlighteqrelease-2.5.6
greenlighteqrelease-2.0.1
greenlighteqrelease-2.0.2
greenlighteqrelease-2.5.2

Name	Operator	Version
greenlight	eq	release-2.4
greenlight	eq	release-2.1.2
greenlight	eq	release-2.7.6
greenlight	eq	release-2.6.2
greenlight	eq	release-2.2.3
greenlight	eq	release-2.5.3
greenlight	eq	release-2.5.6
greenlight	eq	release-2.0.1
greenlight	eq	release-2.0.2
greenlight	eq	release-2.5.2

Rows per page:

1-10 of 531

References

github.com/bigbluebutton/greenlight/pull/2214