38 matches found
PT-2026-34218
Name of the Vulnerable Software and Affected Versions: BigBlueButton versions prior to 3.0.24 Description: A missing authorization allows viewers to inject or overwrite captions. Recommendations: Update to version 3.0.24...
CVE-2026-27467
BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...
PT-2026-21365
BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...
CVE-2023-49172
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BrainCert BrainCert – HTML5 Virtual Classroom allows Reflected XSS. This issue affects BrainCert – HTML5 Virtual Classroom: from n/a through 1.30...
EUVD-2023-53177
Malicious code in bioql PyPI...
ArgusTech BILGER Security Vulnerability
ArgusTech BILGER is a virtual classroom management system from ArgusTech Turkey. A security vulnerability exists in ArgusTech BILGER versions prior to 2.4.6, which stems from a user control key under user privileges leading to an authorization bypass that could potentially exploit trusted...
ArgusTech BILGER Security Vulnerability
ArgusTech BILGER is a virtual classroom management system from ArgusTech Turkey. A security vulnerability exists in ArgusTech BILGER versions prior to 2.4.6, which stems from the insertion of sensitive information in the sent data and could lead to a select message identifier attack...
CVE-2024-39302 Some bbb-record-core files installed with wrong file permission
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker may be able to exploit the overly elevated file permissions in the /usr/local/bigbluebutton/core/vendor/bundle/ruby/2.7.0/gems/resque-2.6.0 directory with the goal of privilege...
CVE-2024-38518
BigBlueButton (BBB) is affected. A valid join link can be manipulated to generate a signed join link with extra parameters (for example role=moderator), allowing an attacker to join a meeting as moderator using a link intended for viewers. This vulnerability is addressed in BBB versions 2.6.18, 2...
CVE-2024-38518 bbb-web API additional parameters considered
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BrainCert BrainCert – HTML5 Virtual Classroom allows Reflected XSS. This issue affects BrainCert – HTML5 Virtual Classroom: from n/a through 1.30...
CVE-2023-49172 WordPress BrainCert – HTML5 Virtual Classroom Plugin <= 1.30 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BrainCert BrainCert – HTML5 Virtual Classroom allows Reflected XSS. This issue affects BrainCert – HTML5 Virtual Classroom: from n/a through 1.30...
CVE-2023-49172 WordPress BrainCert – HTML5 Virtual Classroom Plugin <= 1.30 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in BrainCert BrainCert – HTML5 Virtual Classroom allows Reflected XSS. This issue affects BrainCert – HTML5 Virtual Classroom: from n/a through 1.30...
CVE-2023-49172
CVE-2023-49172 describes a reflected cross-site scripting (XSS) vulnerability in BrainCert – HTML5 Virtual Classroom. Multiple sources corroborate an XSS in BrainCert HTML5 Virtual Classroom affecting versions up to 1.30 (Wordfence, Red Hat). Patch guidance indicates a fix was released in version...
PT-2023-31090 · Braincert · Braincert – Html5 Virtual Classroom
Name of the Vulnerable Software and Affected Versions: BrainCert – HTML5 Virtual Classroom versions n/a through 1.30 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS in BrainCert –...
BrainCert – HTML5 Virtual Classroom <= 2.0 - Reflected Cross-Site Scripting
Description: The BrainCert – HTML5 Virtual Classroom plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress BrainCert – HTML5 Virtual Classroom Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Software: BrainCert – HTML5 Virtual Classroom; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.2; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-49172; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 337638b9c86e; Credits: Khalid Yusuf...
CVE-2023-43798
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at httpclient.execute since the...
CVE-2023-43797
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...
Cross site scripting
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby...