PT-2022-20502 · Unknown · Bigbluebutton

Published

2022-06-27

Updated

2022-07-07

CVE-2022-31065

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions BigBlueButton versions prior to 2.4.8 BigBlueButton versions prior to 2.5.0

Description BigBlueButton is an open source web conferencing system. In affected versions, an attacker can embed malicious JavaScript in their username and have it executed on the victim's client. This occurs when a user receives a private chat from the attacker or when the victim receives a notification that the attacker has left the session.

Recommendations For versions prior to 2.4.8, update to version 2.4.8 or later. For versions prior to 2.5.0, update to version 2.5.0 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-31065

GHSA-8M2P-7QV3-QFF7

Affected Products

Bigbluebutton

PT-2022-20502 · Unknown · Bigbluebutton

CVE-2022-31065

Weakness Enumeration

Related Identifiers

Affected Products

References · 8