BigBlueButton < 2.2.4 – Reflected Cross-Site Scripting (XSS) | CVE 2020-12113

Affects Plugins

bigbluebutton

Fixed in 2.2.4

References

CVE

CVE-2020-12113

URL

https://github.com/bigbluebutton/bigbluebutton/releases/tag/v2.2.4

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Verified

No

WPVDB ID

6c35bdc8-cf30-4f31-bded-b7f84e7dec14

Timeline

Publicly Published

2020-04-09 (about 6 years ago)

Added

2020-04-28 (about 6 years ago)

Last Updated

2020-04-29 (about 6 years ago)

Other

Published

Title

Published

2025-01-16

Title

Custom Coming Soon <= 2.2 - Reflected Cross-Site Scripting

Published

2024-09-24

Title

OneElements – Best Elementor Addons <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Published

2022-12-23

Title

Easy Accordion < 2.2.0 - Contributor+ Stored XSS

Published

2023-06-05

Title

Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS

Published

2026-01-18

Title

XStore < 9.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting