CVE Daily – Greenlight (High+Critical) https://cvedaily.com/pages/tags/greenlight.html CVE Daily – Greenlight (High+Critical) en Wed, 03 Jun 2026 21:27:08 +0000 [Critical] CVE-2022-36029 – Greenlight is an end-user interface for BigBlueButton servers. Versions prior to... https://nvd.nist.gov/vuln/detail/CVE-2022-36029 https://nvd.nist.gov/vuln/detail/CVE-2022-36029 Thu, 25 Apr 2024 21:15:46 +0000 Critical CVE-2022-36029

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.

CVSS: 9.1 · CWE: CWE-601

View on NVD

]]> [Critical] CVE-2022-36028 – Greenlight is an end-user interface for BigBlueButton servers. Versions prior to... https://nvd.nist.gov/vuln/detail/CVE-2022-36028 https://nvd.nist.gov/vuln/detail/CVE-2022-36028 Thu, 25 Apr 2024 21:15:46 +0000 Critical CVE-2022-36028

Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue.

CVSS: 9.1 · CWE: CWE-601

View on NVD

]]> [High] CVE-2020-26163 – BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attac... https://nvd.nist.gov/vuln/detail/CVE-2020-26163 https://nvd.nist.gov/vuln/detail/CVE-2020-26163 Wed, 30 Sep 2020 18:15:27 +0000 High CVE-2020-26163

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.

CVSS: 8.8 · CWE: N/A

View on NVD

]]>