Vulnerabilities > Bigbluebutton > Bigbluebutton > 0.9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-30 | CVE-2023-43797 | Cross-site Scripting vulnerability in Bigbluebutton BigBlueButton is an open-source virtual classroom. | 5.4 |
| 2023-10-30 | CVE-2023-43798 | Server-Side Request Forgery (SSRF) vulnerability in Bigbluebutton BigBlueButton is an open-source virtual classroom. | 5.4 |
| 2023-10-30 | CVE-2023-42803 | Unrestricted Upload of File with Dangerous Type vulnerability in Bigbluebutton BigBlueButton is an open-source virtual classroom. | 8.8 |
| 2023-10-30 | CVE-2023-42804 | Path Traversal vulnerability in Bigbluebutton BigBlueButton is an open-source virtual classroom. | 5.3 |
| 2023-06-26 | CVE-2023-33176 | Server-Side Request Forgery (SSRF) vulnerability in Bigbluebutton BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. | 6.5 |
| 2022-12-17 | CVE-2022-23488 | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 7.5 |
| 2022-12-16 | CVE-2022-23490 | Incorrect Authorization vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. | 4.3 |
| 2022-09-29 | CVE-2020-27601 | Exposure of Resource to Wrong Sphere vulnerability in Bigbluebutton In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. | 3.5 |
| 2022-09-29 | CVE-2020-27602 | Injection vulnerability in Bigbluebutton BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. | 9.8 |
| 2022-06-24 | CVE-2022-27238 | Cross-site Scripting vulnerability in Bigbluebutton BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. | 3.5 |