Loading
Generated remediation guidance and an executive summary. No account required.
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with xss in the name) starts a chat. in the victim's client the JavaScript will be executed. This issue has been addressed in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.
Cite this page
CVE-2022-31064. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2022-31064
Use CWE-79, Bigbluebutton vendor hub and Bigbluebutton product page to widen CVE-2022-31064 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-61602, CVE-2025-61601 and CVE-2026-27466 for nearby disclosures in the same product family.