9 matches found
CVE-2023-43797
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, the Guest Lobby was vulnerable to cross-site scripting while users waited to enter the meeting, because unsanitized messages were inserted into the element using unsafe innerHTML. Text sanitizing was added for lobby...
CVE-2022-31065
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker whose username contains malicious JavaScript, the script gets...
EUVD-2020-18456
Malware in sbrugna...
EUVD-2020-20109
Malware in sbrugna...
EUVD-2022-33594
Malicious code in bioql PyPI...
EUVD-2022-45068
Malicious code in bioql PyPI...
EUVD-2024-37388
Malicious code in bioql PyPI...
CVE-2020-27603
BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files...
CVE-2020-27602
BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken...