62 matches found
CVE-2022-26497
BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously...
greenlightgroup.co.th Cross Site Scripting vulnerability OBB-2305846
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals
In an unprecedented sting operation, the U.S. Federal Bureau of Investigation FBI and Australian Federal Police AFP ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally. Dubbed Operation Ironside AFP,...
BigBlueButton Greenlight has an unspecified vulnerability
BigBlueButton is an open source Web conferencing system from the BigBlueButton community. versions prior to BigBlueButton Greenlight 2.5.6 have a security vulnerability that stems from an allow HTTP header host and source attack, which can be exploited by an attacker to cause an account takeover...
BigBlueButton Greenlight Cross-Site Scripting Vulnerability
BigBlueButton is BigBlueButton community of a set of open source Web conferencing system . A cross-site scripting vulnerability exists in BigBlueButton Greenlight version 2.7.6, which stems from a cross-site scripting XSS vulnerability in the "merge account" function of admin .js. No details of t...
CVE-2020-27642
A cross-site scripting XSS vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6...
CVE-2020-27642
A cross-site scripting XSS vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6...
Cross site scripting
A cross-site scripting XSS vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6...
CVE-2020-27642
A cross-site scripting XSS vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6...
CVE-2020-27642
BigBlueButton Greenlight 2.7.6 is affected by a cross-site scripting (XSS) vulnerability in the merge account functionality implemented in admins.js. This is consistently described across multiple sources (CVE-2020-27642 and related records) as an XSS in the merge account path. The vulnerability ...
CVE-2020-27612
Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window...
CVE-2020-27612
Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window...
Design/Logic Flaw
Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window...
CVE-2020-27612
CVE-2020-27612 affects BigBlueButton Greenlight up to version 2.2.28. The issue: usernames are included in room URLs, potentially leaking user identity to room participants or outsiders if a screenshot is shared. The connected documents confirm the impact as an information leak but do not provide...
CVE-2020-26163
BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...
CVE-2020-26163
BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...
Design/Logic Flaw
BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...
CVE-2020-26163
BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...
CVE-2020-26163
BigBlueButton Greenlight before 2.5.6 is affected by an HTTP header (Host and Origin) input issue that enables account takeover when a user clicks a spoofed password‑reset link. Root cause: header handling allows spoofing of origins/hosts. Impact: potential account compromise; attacks require net...
Joomla Services SQL Injection
======================================================================== | Title : Joomla comservices Sql injection vulnerability | Author : indoushka | email : [email protected] | Tested on: windows 8.1 Français V.Pro | Vendor :...