6 matches found
CVE-2022-36028
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the return_to cookie is not checked. Version 2.13.0 contains a patch for the issue...
CVE-2022-36029
CVE-2022-36029 affects Greenlight (end-user UI for BigBlueButton). The issue is an open redirect on the Login page caused by the unchecked value of the return_to cookie in versions prior to 2.13.0. A patch was released in 2.13.0 to fix this. The connected sources confirm the vulnerable component ...
CVE-2022-36029 BigBlueButton Greenlight Open Redirect vulnerability
Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page because the value of the return_to cookie is not checked. Version 2.13.0 contains a patch for the issue...
CVE-2020-15408
Pulse Connect Secure (PCS) before 9.1R8 is affected by CVE-2020-15408. An authenticated attacker can access the admin page console via the end-user web interface due to a rewrite. This is documented in multiple sources (NVD/NIST entry and Pulse advisory SA44516). The issue’s impact is limited to ...
CVE-2020-15408
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite. Recent assessments: wvu-r7 at July 28, 2020 6:20pm UTC reported: I wonder if this has SSRF-to-RCE potential...
typo3 -- multiple vulnerabilities
Typo3 News: CVE-2020-11063: TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset. It has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to verify whether a backend user account with a given email...