Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-31065
HistoryJun 27, 2022 - 8:15 p.m.

CVE-2022-31065

2022-06-2720:15:08
Google
osv.dev
4
bigbluebutton
web conferencing
malicious javascript
private chat
security issue
patch
version 2.4.8
version 2.5.0

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

30.8%

JSON

BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim’s client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. Additionally when the victim receives a notification that the attacker has left the session. This issue has been patched in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.

Related

cnvd 1
cvelist 1
cve 1
nvd 1
prion 1
cnvd
cnvd
BigBlueButton Cross-Site Scripting Vulnerability (CNVD-2022-58952)
2022-06-30 00:00:00
cvelist
cvelist
CVE-2022-31065 Cross site scripting vulnerability for private chat in bigbluebutton
2022-06-27 19:45:21
cve
cve
CVE-2022-31065
2022-06-27 20:15:08
nvd
nvd
CVE-2022-31065
2022-06-27 20:15:08
prion
prion
Design/Logic Flaw
2022-06-27 20:15:00

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

30.8%

JSON
Related for OSV:CVE-2022-31065
cnvd1cvelist1cve1nvd1prion1