Vulnerabilities > Bigbluebutton > Greenlight > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-27 CVE-2022-31039 Incorrect Authorization vulnerability in Bigbluebutton Greenlight
Greenlight is a simple front-end interface for your BigBlueButton server.
network
low complexity
bigbluebutton CWE-863
5.0
2022-06-02 CVE-2022-26497 Cross-site Scripting vulnerability in Bigbluebutton Greenlight 2.11.1
BigBlueButton Greenlight 2.11.1 allows XSS.
network
low complexity
bigbluebutton CWE-79
5.4
2020-10-22 CVE-2020-27642 Cross-site Scripting vulnerability in Bigbluebutton Greenlight 2.7.6
A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.
4.3
2020-09-30 CVE-2020-26163 Unspecified vulnerability in Bigbluebutton Greenlight
BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.
network
bigbluebutton
6.8