Lucene search
K
BigbluebuttonGreenlight

6 matches found

CVE
CVE
added 2022/06/02 12:0 a.m.78 views

CVE-2022-26497

Vulnerability (CVE-2022-26497) affects BigBlueButton Greenlight 2.11.1. An attacker can embed a JavaScript payload in a username, which is executed in the victim’s browser when the attacker previously shared access to a room and the user interacts with the Share room access dialog. Root cause: cr...

5.4CVSS5.3AI score0.00806EPSS
CVE
CVE
added 2024/04/25 8:42 p.m.77 views

CVE-2022-36029

CVE-2022-36029 affects Greenlight (end-user UI for BigBlueButton). The issue is an open redirect on the Login page caused by the unchecked value of the return_to cookie in versions prior to 2.13.0. A patch was released in 2.13.0 to fix this. The connected sources confirm the vulnerable component ...

9.1CVSS9AI score0.0041EPSS
CVE
CVE
added 2022/06/27 7:25 p.m.73 views

CVE-2022-31039

Greenlight (BigBlueButton frontend) is affected by CVE-2022-31039. In affected versions, an attacker can view any room’s settings without authorization, contrary to intended access control for room owners/administrators. The issue has been patched in release version 2.12.6. The CVSS details from ...

5.3CVSS4.7AI score0.00644EPSS
CVE
CVE
added 2024/04/25 8:36 p.m.69 views

CVE-2022-36028

Greenlight (BigBlueButton Web UI) is affected by an open redirect in the Login page due to unchecked value of the return_to cookie. Affected versions are prior to 2.13.0; version 2.13.0 includes a patch. The root cause is unvalidated/unchecked return_to cookie on login, enabling an attacker-contr...

9.1CVSS6.6AI score0.00362EPSS
CVE
CVE
added 2020/09/30 3:28 p.m.54 views

CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 is affected by an HTTP header (Host and Origin) input issue that enables account takeover when a user clicks a spoofed password‑reset link. Root cause: header handling allows spoofing of origins/hosts. Impact: potential account compromise; attacks require net...

8.8CVSS8.6AI score0.01531EPSS
CVE
CVE
added 2020/10/22 12:56 p.m.37 views

CVE-2020-27642

BigBlueButton Greenlight 2.7.6 is affected by a cross-site scripting (XSS) vulnerability in the merge account functionality implemented in admins.js. This is consistently described across multiple sources (CVE-2020-27642 and related records) as an XSS in the merge account path. The vulnerability ...

6.1CVSS5.9AI score0.00671EPSS