Thm Pilos
5 CVEs affecting Thm Pilos. Latest disclosed: 2026-01-12. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-47107 | High | 8.8 | 2023-11-08 | PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname… |
CVE-2025-62523 | Medium | 6.3 | 2025-10-27 | PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 includes a Cross-Origin Resource Sharing (CORS) misco… |
CVE-2025-62524 | Medium | 5.3 | 2025-10-27 | PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header… |
CVE-2025-62781 | Medium | 5.0 | 2025-10-27 | PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password whi… |
CVE-2026-22800 | Low | 2.4 | 2026-01-12 | PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery (CSRF) vulnerability exists… |