4 matches found
CVE-2022-31065
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker whose username contains malicious JavaScript, the script gets...
CVE-2022-31065
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker whose username contains malicious JavaScript, the script gets...
CVE-2022-31065
CVE-2022-31065 affects BigBlueButton prior to versions 2.4.8 and 2.5.0. The vulnerability allows an attacker to embed malicious JavaScript in their username, which is executed on the victim’s client when the attacker sends a private chat or when a notification of the attacker leaving the session ...
CVE-2022-31065 Cross site scripting vulnerability for private chat in bigbluebutton
BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker whose username contains malicious JavaScript, the script gets...