Skip to main content

Greenlight

4 CVEs product

Monthly

CVE-2022-31039 MEDIUM PATCH This Month

Greenlight is a simple front-end interface for your BigBlueButton server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Greenlight
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-26497 MEDIUM POC PATCH This Month

BigBlueButton Greenlight 2.11.1 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Greenlight
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-27642 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Greenlight
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-26163 HIGH POC PATCH This Week

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Greenlight
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Greenlight is a simple front-end interface for your BigBlueButton server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Greenlight
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

BigBlueButton Greenlight 2.11.1 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Greenlight
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Greenlight
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Greenlight
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy