BigBlueButton Cross-site-scripting vulnerability
mgm security partners found this vulnerability during a security analysis of the BigBlueButton software ordered by the Federal Office for Information Security in Germany (BSI).
- 17 March 2022: the vulnerability was reported to the BigBlueButton developer team
- 8 April 2022: reported vulnerability was patched in BigBlueButton 2.5
- May 2022: the patch was backported to BigBlueButton 2.4