BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JavaScript in their username and have it executed on the victim's client. The script is executed when a user receives a private chat from the attacker (whose username contains the malicious JavaScript), and also when the victim receives a notification that the attacker has left the session. This issue has been patched in versions 2.4.8 and 2.5.0. There are no known workarounds for this issue.
Cite this page
CVE-2022-31065. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2022-31065
Use CWE-79, Bigbluebutton vendor hub and Bigbluebutton product page to widen CVE-2022-31065 into its surrounding weakness, vendor, and product context.