
41 matches found

NVD
added 2026/01/12 11:15 p.m. | 3 views

CVE-2026-22800

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, a Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The affected endpoint performs ...

CVSS 4.5 | EPSS 0.00027
Exploits 0 | References 2
CVE
added 2026/01/12 10:9 p.m. | 11 views

CVE-2026-22800

PILOS (Platform for Interactive Live-Online Seminars) before version 4.10.0 contains a CSRF vulnerability in an administrative GET endpoint that terminates all active video conferences on a single BigBlueButton server. Although authorization checks exist, the use of GET allows implicit invocation...

CVSS 4.5 | AI score 6.2 | EPSS 0.00027
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/01/12 10:9 p.m. | 2 views

CVE-2026-22800 PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, a Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The affected endpoint performs ...

CVSS 2.4 | AI score 6.6 | EPSS 0.00027
Exploits 0 | References 4
Vulnrichment
added 2026/01/12 10:9 p.m. | 2 views

CVE-2026-22800 PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, a Cross-Site Request Forgery (CSRF) vulnerability exists in an administrative API endpoint responsible for terminating all active video conferences on a single server. The affected endpoint performs ...

CVSS 2.4 | AI score 6.2 | EPSS 0.00027
Exploits 0 | References 2
CNNVD
added 2026/01/12 12:0 a.m. | 1 view

PILOS cross-site request forgery vulnerability

PILOS is an open source front-end software from THM. A cross-site request forgery vulnerability exists in PILOS versions prior to 4.10.0, which stems from a cross-site request forgery in the management API endpoint that could result in termination of all active video conferences...

CVSS 4.5 | AI score 5.7 | EPSS 0.00027
Exploits 0 | References 3
Positive Technologies
added 2026/01/12 12:0 a.m. | 4 views

PT-2026-2312

Name of the Vulnerable Software and Affected Versions: PILOS versions prior to 4.10.0. Description: PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. A Cross-Site Request Forgery (CSRF) issue exists in an administrative API endpoint responsible for terminating all...

CVSS 4.5 | AI score 6.5 | EPSS 0.00027
Exploits 0 | References 8
RedhatCVE
added 2025/10/28 10:0 p.m. | 5 views

CVE-2025-62781

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...

CVSS 5 | AI score 6.6 | EPSS 0.00028
Exploits 0 | References 1
RedhatCVE
added 2025/10/28 9:1 p.m. | 1 view

CVE-2025-62523

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

CVSS 6.3 | AI score 6.9 | EPSS 0.00041
Exploits 0 | References 1
RedhatCVE
added 2025/10/28 9:1 p.m. | 3 views

CVE-2025-62524

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

CVSS 5.3 | AI score 6.6 | EPSS 0.00042
Exploits 0 | References 1
NVD
added 2025/10/27 10:15 p.m. | 5 views

CVE-2025-62781

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...

CVSS 5 | EPSS 0.00028
Exploits 0 | References 1
Vulnrichment
added 2025/10/27 9:22 p.m. | 2 views

CVE-2025-62781 PILOS is missing session regeneration after password change

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...

CVSS 5 | AI score 6.3 | EPSS 0.00028
Exploits 0 | References 1
OSV
added 2025/10/27 9:22 p.m. | 1 view

CVE-2025-62781 PILOS is missing session regeneration after password change

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...

CVSS 5 | AI score 6.6 | EPSS 0.00028
Exploits 0 | References 3
Cvelist
added 2025/10/27 9:22 p.m. | 4 views

CVE-2025-62781 PILOS is missing session regeneration after password change

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing so, all other active sessions are terminated, except for the currently active one. However, the current session’s...

CVSS 5 | EPSS 0.00028
Exploits 0 | References 1
NVD
added 2025/10/27 9:15 p.m. | 7 views

CVE-2025-62524

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

CVSS 5.3 | EPSS 0.00042
Exploits 0 | References 2
NVD
added 2025/10/27 9:15 p.m. | 3 views

CVE-2025-62523

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

CVSS 6.3 | EPSS 0.00041
Exploits 0 | References 2
EUVD
added 2025/10/27 8:18 p.m. | 2 views

EUVD-2025-36362

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

CVSS 5.3 | AI score 6.1 | EPSS 0.00042
Exploits 0 | References 2
CVE
added 2025/10/27 8:18 p.m. | 6 views

CVE-2025-62524

PILOS (Frontend for BigBlueButton) before version 4.8.0 disclosed PHP version information via the X-Powered-By header, enabling server fingerprinting. The vulnerability originates from the base PHP image and can also be inferred from the PILOS footer or GitHub source. It has been patched in PILOS...

CVSS 5.3 | AI score 6.2 | EPSS 0.00042
Exploits 0 | References 2 | Affected Software 1
OSV
added 2025/10/27 8:18 p.m. | 2 views

CVE-2025-62524 PILOS Exposes PHP version

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

CVSS 5.3 | AI score 6.6 | EPSS 0.00042
Exploits 0 | References 4
Vulnrichment
added 2025/10/27 8:18 p.m. | 2 views

CVE-2025-62524 PILOS Exposes PHP version

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

CVSS 5.3 | AI score 6.2 | EPSS 0.00042
Exploits 0 | References 2
Cvelist
added 2025/10/27 8:18 p.m. | 3 views

CVE-2025-62524 PILOS Exposes PHP version

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...

CVSS 5.3 | EPSS 0.00042
Exploits 0 | References 2