Read Time:22 Second
Posted by Rick Verdoes via Fulldisclosure on Jun 30
CVE-2022-31064 – Stored Cross-Site Scripting in BigBlueButton.
=========================
Exploit Title: Stored Cross-Site Scripting (XSS) in BigBlueButton
Product: BigBlueButton
Vendor: BigBlueButton
Vulnerable Versions: 2.3, <2.4.8, <2.5.0
Tested Version: 2.4.7
Advisory Publication: Jun 22, 2022
Latest Update: Jun 22, 2022
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2022-31064
CVSS Severity: High
CVSS…