Vulnerabilities > Bigbluebutton > Low

DATE CVE VULNERABILITY TITLE RISK
2022-12-16 CVE-2022-41962 Incorrect Authorization vulnerability in Bigbluebutton 2.4
BigBlueButton is an open source web conferencing system.
network
low complexity
bigbluebutton CWE-863
2.7
2.7
2022-09-29 CVE-2020-27601 Exposure of Resource to Wrong Sphere vulnerability in Bigbluebutton
In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats.
network
low complexity
bigbluebutton CWE-668
3.5
3.5
2022-06-27 CVE-2022-31064 Cross-site Scripting vulnerability in Bigbluebutton
BigBlueButton is an open source web conferencing system.
network
high complexity
bigbluebutton CWE-79
2.1
2.1
2022-06-24 CVE-2022-27238 Cross-site Scripting vulnerability in Bigbluebutton
BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. 		3.5
3.5