Vulnerabilities > Bigbluebutton

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-02	CVE-2022-29236	Improper Authorization vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. network low complexity bigbluebutton CWE-285	4.3
2022-06-01	CVE-2022-29169	Unspecified vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. network low complexity bigbluebutton	7.5
2022-06-01	CVE-2022-29232	Information Exposure vulnerability in Bigbluebutton BigBlueButton is an open source web conferencing system. network low complexity bigbluebutton CWE-200	4.0
2022-01-19	CVE-2021-4143	Cross-site Scripting vulnerability in Bigbluebutton Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0. network bigbluebutton CWE-79	4.3
2020-11-26	CVE-2020-29043	Missing Authorization vulnerability in Bigbluebutton An issue was discovered in BigBlueButton through 2.2.29. network low complexity bigbluebutton CWE-862	5.0
2020-11-26	CVE-2020-29042	Improper Restriction of Excessive Authentication Attempts vulnerability in Bigbluebutton An issue was discovered in BigBlueButton through 2.2.29. network bigbluebutton CWE-307	4.3
2020-11-19	CVE-2020-28954	Improper Encoding or Escaping of Output vulnerability in Bigbluebutton web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. network low complexity bigbluebutton CWE-116	5.0
2020-11-19	CVE-2020-28953	Incorrect Permission Assignment for Critical Resource vulnerability in Bigbluebutton In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. network low complexity bigbluebutton CWE-732	4.0
2020-10-22	CVE-2020-27642	Cross-site Scripting vulnerability in Bigbluebutton Greenlight 2.7.6 A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. network bigbluebutton CWE-79	4.3
2020-10-21	CVE-2020-27613	Cleartext Storage of Sensitive Information vulnerability in Bigbluebutton The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. local low complexity bigbluebutton CWE-312	4.6

Vulnerabilities > Bigbluebutton {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Bigbluebutton"}]}

Vulnerabilities > Bigbluebutton