Security Advisory

CVE-2022-26497

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-06-02 00:00:00
Last updated 2024-08-03 05:03:32
Assigner mitre
State PUBLISHED

Description

BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously.