CVE-2022-31064
27.06.2022, 20:15
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with xss in the name) starts a chat. in the victim's client the JavaScript will be executed. This issue has been addressed in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.
| Vendor | Product | Version |
|---|---|---|
| bigbluebutton | bigbluebutton | 2.4 ≤ 𝑥 < 2.4.8 |
| bigbluebutton | bigbluebutton | 2.3.0 |
| bigbluebutton | bigbluebutton | 2.4.9 |
| bigbluebutton | bigbluebutton | 2.5:alpha1 |
| bigbluebutton | bigbluebutton | 2.5:alpha2 |
| bigbluebutton | bigbluebutton | 2.5:alpha3 |
| bigbluebutton | bigbluebutton | 2.5:alpha4 |
| bigbluebutton | bigbluebutton | 2.5:alpha5 |
| bigbluebutton | bigbluebutton | 2.5:alpha6 |
| bigbluebutton | bigbluebutton | 2.5:beta1 |
| bigbluebutton | bigbluebutton | 2.5:beta2 |
| bigbluebutton | bigbluebutton | 2.5:rc.1 |
| bigbluebutton | bigbluebutton | 2.5:rc.2 |
| bigbluebutton | bigbluebutton | 2.5:rc.3 |
| bigbluebutton | bigbluebutton | 2.5:rc.4 |
𝑥
= Vulnerable software versions
References