BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby messages starting in versions 2.6.11 and 2.7.0-beta.3. There are no known workarounds.
References
Link | Resource |
---|---|
https://github.com/bigbluebutton/bigbluebutton/commit/304bc851a00558f99a908880f4ac44234a074c9d | Patch Third Party Advisory |
https://github.com/bigbluebutton/bigbluebutton/pull/18392 | Third Party Advisory |
https://github.com/bigbluebutton/bigbluebutton/security/advisories/GHSA-v6wg-q866-h73x | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-30T22:18:11.821Z
Updated: 2023-10-30T22:22:40.879Z
Reserved: 2023-09-22T14:51:42.339Z
Link: CVE-2023-43797
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-30T23:15:08.317
Modified: 2023-11-07T23:08:05.587
Link: CVE-2023-43797
JSON object: View
Redhat Information
No data.
CWE