41 matches found
CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
EUVD-2025-36363
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
CVE-2025-62523
PILOS before 4.8.0 contains a CORS misconfiguration in middleware: it reflects the Origin header in Access-Control-Allow-Origin with credentials allowed, potentially enabling cross-origin requests with user credentials. Laravel’s session handling adds origin checks that prevent cross-origi...
CVE-2025-62523 PILOS Misconfigured the Access-Control-Allow-Origin Header
PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware: it reflects the Origin request header back in the Access-Control-Allow-Origin response header without proper...
PT-2025-44055
Name of the Vulnerable Software and Affected Versions: PILOS versions prior to 4.8.0 Description: PILOS, a frontend for BigBlueButton, contains a flaw where changing a local user’s password does not invalidate existing session tokens, except for the current session. An attacker who previously...
PILOS code issue vulnerability
PILOS is open source front-end software from THM. A code issue vulnerability exists in PILOS versions prior to 4.8.0 that stems from a password change that does not invalidate the current session token, which could allow an attacker to continue to maintain access using the acquired session token...
PT-2025-44036
Name of the Vulnerable Software and Affected Versions: PILOS versions prior to 4.8.0 Description: PILOS, a frontend for BigBlueButton, has a Cross-Origin Resource Sharing (CORS) misconfiguration in its middleware. The system reflects the Origin request header in the Access-Control-Allow-Origin respon...
PILOS security vulnerability
PILOS is open source front-end software from THM. A security vulnerability exists in PILOS versions prior to 4.8.0, which stems from exposing PHP version information that could lead to server fingerprinting and information disclosure...
PILOS security vulnerability
PILOS is open source front-end software from THM. A security vulnerability exists in PILOS versions prior to 4.8.0 that stems from a misconfiguration of cross-origin resource sharing, which could lead to a malicious website sending a request containing credentials...
PT-2025-44037
Name of the Vulnerable Software and Affected Versions: PILOS versions prior to 4.8.0 Description: PILOS, a frontend for BigBlueButton, reveals the PHP version through the X-Powered-By header. This information disclosure allows attackers to fingerprint the server and identify potential exploits. The...
EUVD-2023-51259
Malicious code in bioql PyPI...
CVE-2023-47107
PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...
CVE-2023-47107
PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...
Design/Logic Flaw
PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...
CVE-2023-47107 PILOS account takeover through password reset poisoning
PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...
CVE-2023-47107
PILOS, the BigBlueButton front-end, has a vulnerability in its password reset flow where the reset URL is built using the request host header. An attacker could lure affected users to a URL that points to the attacker’s server, potentially disclosing the pass...
CVE-2023-47107 PILOS account takeover through password reset poisoning
PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...
CVE-2023-47107 PILOS account takeover through password reset poisoning
PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users...
PT-2023-30313 · Pilos · Pilos
Name of the Vulnerable Software and Affected Versions: PILOS versions prior to 2.3.0 Description: The password reset component in PILOS uses the hostname supplied within the request host header when building a password reset URL. This could allow manipulation of the URL sent to PILOS users,...