Bigbluebutton Greenlight — known CVE vulnerabilities
Every CVE whose affected-product data names Bigbluebutton Greenlight, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2022-36028 — CVSS 9.1 (critical): Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login…
CVE-2022-36029 — CVSS 9.1 (critical): Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login…
CVE-2020-26163 — CVSS 8.8 (high): BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim…
CVE-2020-27642 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.
CVE-2022-26497 — CVSS 5.4 (medium): BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed…
CVE-2022-31039 — CVSS 4.3 (medium): Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings…