| Added |
CPE Configuration |
|
OR
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.3.0:*:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:*:*:*:*:*:*:*:* versions from (including) 2.4 up to (excluding) 2.4.8
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.4.9:*:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha1:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha2:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha3:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha4:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha5:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:alpha6:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:beta1:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:beta2:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:rc.1:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:rc.2:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:rc.3:*:*:*:*:*:*
*cpe:2.3:a:bigbluebutton:bigbluebutton:2.5:rc.4:*:*:*:*:*:*
|
| Added |
CVSS V2 |
|
NIST (AV:N/AC:H/Au:S/C:N/I:P/A:N)
|
| Added |
CVSS V2 Metadata |
|
Victim must voluntarily interact with attack mechanism
|
| Added |
CVSS V3.1 |
|
NIST AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| Changed |
Reference Type |
http://packetstormsecurity.com/files/167682/BigBlueButton-2.3-2.4.7-Cross-Site-Scripting.html No Types Assigned
|
http://packetstormsecurity.com/files/167682/BigBlueButton-2.3-2.4.7-Cross-Site-Scripting.html Exploit, Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://seclists.org/fulldisclosure/2022/Jun/52 No Types Assigned
|
http://seclists.org/fulldisclosure/2022/Jun/52 Exploit, Mailing List, Third Party Advisory
|
| Changed |
Reference Type |
https://github.com/bigbluebutton/bigbluebutton/pull/15067 No Types Assigned
|
https://github.com/bigbluebutton/bigbluebutton/pull/15067 Patch, Release Notes, Third Party Advisory
|
| Changed |
Reference Type |
https://github.com/bigbluebutton/bigbluebutton/pull/15090 No Types Assigned
|
https://github.com/bigbluebutton/bigbluebutton/pull/15090 Patch, Third Party Advisory
|
| Changed |
Reference Type |
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-hwv2-5pf5-hr87 No Types Assigned
|
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-hwv2-5pf5-hr87 Patch, Third Party Advisory
|
| Changed |
Reference Type |
https://pentests.nl/pentest-blog/stored-xss-in-bigbluebutton/ No Types Assigned
|
https://pentests.nl/pentest-blog/stored-xss-in-bigbluebutton/ Exploit, Third Party Advisory
|
) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
