CVE-2023-43797

Name of the Vulnerable Software and Affected Versions BigBlueButton versions prior to 2.6.11 BigBlueButton versions prior to 2.7.0-beta.3

Description The issue affects BigBlueButton, an open-source virtual classroom, where the Guest Lobby is vulnerable to cross-site scripting. This occurs when users wait to enter a meeting due to the insertion of unsanitized messages into an element using unsafe innerHTML. The vulnerability is addressed by adding text sanitizing for lobby messages.

Recommendations For BigBlueButton versions prior to 2.6.11, update to version 2.6.11 or later to resolve the issue. For BigBlueButton versions prior to 2.7.0-beta.3, update to version 2.7.0-beta.3 or later to resolve the issue.