CVE-2022-26497
Summary
| CVE | CVE-2022-26497 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-06-02 18:15:00 UTC |
| Updated | 2023-05-04 17:15:00 UTC |
| Description | BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Bigbluebutton | Greenlight | 2.11.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-26497: BigBlueButton Greenlight XSS | MISC | www.mgm-sp.com | |
| greenlight/room.js at master · bigbluebutton/greenlight · GitHub | MISC | github.com | |
| Shannon Baseband acfg / pcfg SDP Attribute Memory Corruption ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |