Cross site scripting in username that will trigger by sending chat

BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with xss in the name) starts a chat. in the victim's client the JavaScript will be executed. This issue has been addressed in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

BigBlueButton 跨站脚本漏洞

BigBlueButton是BigBlueButton社区的一套开源的Web会议系统。 BigBlueButton 2.4.8 之前版本和 2.5.0 之前版本存在跨站脚本漏洞，该漏洞源于启用私人聊天的会议中的用户容易受到跨站脚本攻击。

N/A

N/A