Lucene search
K

41 matches found

Vulnrichment
Vulnrichment
added 2025/10/27 8:10 p.m.3 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS6.5AI score0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/27 8:10 p.m.5 views

EUVD-2025-36363

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS6.4AI score0.00186EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/27 8:10 p.m.9 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS0.00186EPSS
Exploits0References2
CVE
CVE
added 2025/10/27 8:10 p.m.11 views

CVE-2025-62523

PLOS (PILOS) before 4.8.0 contains a CORS misconfiguration in middleware: it reflects the Origin header in Access-Control-Allow-Origin with credentials allowed, potentially enabling cross-origin requests with user credentials. Laravel’s session handling adds origin checks that prevent cross-origi...

6.3CVSS6.5AI score0.00186EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/10/27 8:10 p.m.5 views

CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header

PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing CORS misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...

6.3CVSS6.9AI score0.00186EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.6 views

PT-2025-44055

Name of the Vulnerable Software and Affected Versions PILOS versions prior to 4.8.0 Description PILOS, a frontend for BigBlueButton, contains a flaw where changing a local user’s password does not invalidate existing session tokens, except for the current session. An attacker who previously...

5CVSS6.4AI score0.00159EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.3 views

PILOS 代码问题漏洞

PILOS is a THM open source front-end software. A code issue vulnerability exists in PILOS versions prior to 4.8.0 that stems from a password change that does not invalidate the current session token, which could allow an attacker to continue to maintain access using the acquired session token...

5CVSS6.8AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.6 views

PT-2025-44036

Name of the Vulnerable Software and Affected Versions PILOS versions prior to 4.8.0 Description PILOS, a frontend for BigBlueButton, has a Cross-Origin Resource Sharing CORS misconfiguration in its middleware. The system reflects the Origin request header in the Access-Control-Allow-Origin respon...

6.3CVSS6.8AI score0.00186EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.7 views

PILOS 安全漏洞

PILOS is an open source front-end software from THM. A security vulnerability exists in PILOS versions prior to 4.8.0, which stems from exposing PHP version information that could lead to server fingerprinting and information disclosure...

5.3CVSS6.4AI score0.00238EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.3 views

PILOS 安全漏洞

PILOS is an open source front-end software from THM. A security vulnerability exists in PILOS versions prior to 4.8.0 that stems from a misconfiguration of cross-resource sharing, which could lead to a malicious website sending a request containing credentials...

6.3CVSS6.6AI score0.00186EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.5 views

PT-2025-44037

Name of the Vulnerable Software and Affected Versions PILOS versions prior to 4.8.0 Description PILOS, a frontend for BigBlueButton, reveals the PHP version through the X-Powered-By header. This information disclosure allows attackers to fingerprint the server and identify potential exploits. The...

5.3CVSS6.4AI score0.00238EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-51259

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00599EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:58 a.m.7 views

CVE-2023-47107

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...

8.8CVSS6.8AI score0.00599EPSS
Exploits0References1
NVD
NVD
added 2023/11/08 4:15 p.m.16 views

CVE-2023-47107

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...

8.8CVSS0.00599EPSS
Exploits0References1
Prion
Prion
added 2023/11/08 4:15 p.m.12 views

Design/Logic Flaw

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...

6.8CVSS7AI score0.00599EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/08 3:39 p.m.12 views

CVE-2023-47107 PILOS account takeover through password reset poisoning

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...

8.8CVSS7AI score0.00599EPSS
Exploits0References1
CVE
CVE
added 2023/11/08 3:39 p.m.43 views

CVE-2023-47107

Summary of mode C (concrete details): PILOS, the BigBlueButton front-end, has a vulnerability in its password reset flow where the reset URL is built using the request host header. An attacker could lure affected users to a URL that points to the attacker’s server, potentially disclosing the pass...

8.8CVSS8.6AI score0.00599EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/08 3:39 p.m.20 views

CVE-2023-47107 PILOS account takeover through password reset poisoning

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...

8.8CVSS8.3AI score0.00599EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/11/08 3:39 p.m.28 views

CVE-2023-47107 PILOS account takeover through password reset poisoning

PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...

8.8CVSS8.8AI score0.00599EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/08 12:0 a.m.3 views

PT-2023-30313 · Pilos · Pilos

Name of the Vulnerable Software and Affected Versions: PILOS versions prior to 2.3.0 Description: The password reset component in PILOS uses the hostname supplied within the request host header when building a password reset URL. This could allow manipulation of the URL sent to PILOS users,...

8.8CVSS8.3AI score0.00599EPSS
Exploits0References6
Rows per page
Query Builder