Lucene search
K

62 matches found

Cvelist
Cvelist
added 2022/06/02 12:0 a.m.22 views

CVE-2022-26497

BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously...

5.6AI score0.00806EPSS
Exploits1References3
Openbugbounty
Openbugbounty
added 2021/12/18 6:24 a.m.14 views

greenlightgroup.co.th Cross Site Scripting vulnerability OBB-2305846

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/06/08 4:1 p.m.104 views

Feds Secretly Ran a Fake Encrypted Chat App and Busted Over 800 Criminals

In an unprecedented sting operation, the U.S. Federal Bureau of Investigation FBI and Australian Federal Police AFP ran an encrypted chat service called ANoM for nearly three years to intercept 27 million messages exchanged between criminal gang members globally. Dubbed Operation Ironside AFP,...

7.2AI score
Exploits0
CNVD
CNVD
added 2020/11/03 12:0 a.m.13 views

BigBlueButton Greenlight has an unspecified vulnerability

BigBlueButton is an open source Web conferencing system from the BigBlueButton community. versions prior to BigBlueButton Greenlight 2.5.6 have a security vulnerability that stems from an allow HTTP header host and source attack, which can be exploited by an attacker to cause an account takeover...

8.8CVSS2.7AI score0.01531EPSS
Exploits1References1
CNVD
CNVD
added 2020/10/25 12:0 a.m.3 views

BigBlueButton Greenlight Cross-Site Scripting Vulnerability

BigBlueButton is BigBlueButton community of a set of open source Web conferencing system . A cross-site scripting vulnerability exists in BigBlueButton Greenlight version 2.7.6, which stems from a cross-site scripting XSS vulnerability in the "merge account" function of admin .js. No details of t...

6.1CVSS5.9AI score0.00671EPSS
Exploits0References1
OSV
OSV
added 2020/10/22 1:15 p.m.14 views

CVE-2020-27642

A cross-site scripting XSS vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6...

6.1CVSS5.7AI score
Exploits0References1
NVD
NVD
added 2020/10/22 1:15 p.m.19 views

CVE-2020-27642

A cross-site scripting XSS vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6...

6.1CVSS0.00671EPSS
Exploits0References1
Prion
Prion
added 2020/10/22 1:15 p.m.17 views

Cross site scripting

A cross-site scripting XSS vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6...

4.3CVSS6AI score0.00671EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/10/22 12:56 p.m.16 views

CVE-2020-27642

A cross-site scripting XSS vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6...

6AI score0.00671EPSS
Exploits0References1
CVE
CVE
added 2020/10/22 12:56 p.m.37 views

CVE-2020-27642

BigBlueButton Greenlight 2.7.6 is affected by a cross-site scripting (XSS) vulnerability in the merge account functionality implemented in admins.js. This is consistently described across multiple sources (CVE-2020-27642 and related records) as an XSS in the merge account path. The vulnerability ...

6.1CVSS5.9AI score0.00671EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/10/21 3:15 p.m.13 views

CVE-2020-27612

Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window...

4.3CVSS6.5AI score
Exploits0References1
NVD
NVD
added 2020/10/21 3:15 p.m.13 views

CVE-2020-27612

Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window...

4.3CVSS0.00673EPSS
Exploits0References1
Prion
Prion
added 2020/10/21 3:15 p.m.17 views

Design/Logic Flaw

Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window...

4CVSS4.5AI score0.00673EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/10/21 2:8 p.m.42 views

CVE-2020-27612

CVE-2020-27612 affects BigBlueButton Greenlight up to version 2.2.28. The issue: usernames are included in room URLs, potentially leaking user identity to room participants or outsiders if a screenshot is shared. The connected documents confirm the impact as an information leak but do not provide...

4.3CVSS4.4AI score0.00673EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/09/30 6:15 p.m.20 views

CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...

8.8CVSS0.01531EPSS
Exploits1References3
OSV
OSV
added 2020/09/30 6:15 p.m.18 views

CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...

8.8CVSS6.8AI score
Exploits0References3
Prion
Prion
added 2020/09/30 6:15 p.m.16 views

Design/Logic Flaw

BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...

6.8CVSS8.6AI score0.01531EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/09/30 3:28 p.m.24 views

CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 allows HTTP header Host and Origin attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link...

8.7AI score0.01531EPSS
Exploits1References3
CVE
CVE
added 2020/09/30 3:28 p.m.55 views

CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 is affected by an HTTP header (Host and Origin) input issue that enables account takeover when a user clicks a spoofed password‑reset link. Root cause: header handling allows spoofing of origins/hosts. Impact: potential account compromise; attacks require net...

8.8CVSS8.6AI score0.01531EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2016/07/11 12:0 a.m.30 views

Joomla Services SQL Injection

======================================================================== | Title : Joomla comservices Sql injection vulnerability | Author : indoushka | email : [email protected] | Tested on: windows 8.1 Français V.Pro | Vendor :...

0.8AI score
Exploits0
Rows per page
Query Builder