Vulnerabilities > Bigbluebutton
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-21 | CVE-2020-27604 | Improper Encoding or Escaping of Output vulnerability in Bigbluebutton BigBlueButton before 2.3 does not implement LibreOffice sandboxing. | 6.5 |
| 2020-10-21 | CVE-2020-27603 | Unspecified vulnerability in Bigbluebutton BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. | 7.5 |
| 2020-10-21 | CVE-2020-25820 | Server-Side Request Forgery (SSRF) vulnerability in Bigbluebutton BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field. | 6.5 |
| 2020-09-30 | CVE-2020-26163 | Unspecified vulnerability in Bigbluebutton Greenlight BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. | 8.8 |
| 2020-04-29 | CVE-2020-12443 | Path Traversal vulnerability in Bigbluebutton BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. | 9.8 |
| 2020-04-23 | CVE-2020-12113 | Cross-site Scripting vulnerability in Bigbluebutton BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used. | 6.1 |
| 2020-04-23 | CVE-2020-12112 | Path Traversal vulnerability in Bigbluebutton BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion. | 7.5 |