Medium severity5.4NVD Advisory· Published Jun 2, 2022· Updated Jun 17, 2026
CVE-2022-26497
CVE-2022-26497
Description
BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- BigBlueButton/Greenlightdescription
- Range: = 2.11.1
Patches
Vulnerability mechanics
References
3- www.mgm-sp.com/en/cve-2022-26497-bigbluebutton-greenlight-xss/nvdPatchThird Party Advisory
- github.com/bigbluebutton/greenlight/blob/master/app/assets/javascripts/room.jsnvdExploitThird Party Advisory
- packetstormsecurity.com/files/172143/Shannon-Baseband-acfg-pcfg-SDP-Attribute-Memory-Corruption.htmlnvd
News mentions
0No linked articles in our index yet.