Element (formerly Riot and Vector) is an open source instant messaging application implemented over the Matrix protocol. Matrix is known for supporting end-to-end encryption and the application itself is available for various platforms, including Desktop, Mobile and Web. This post will only be addressing the mobile version, which contained the vulnerability at the time this was written.
Continue reading “Unvalidated Redirect Through HTML Viewer – Element Messenger”
CVE-2020-12113 | Closed Captions XSS – BigBlueButton
Back in April, as part of my penetration testing project at Catalyst IT, I conducted a test on an open source video conferencing system known as BigBlueButton, an open source challenger to Zoom.
CVE-2020-26163 | Host Header Injection – BigBlueButton
I often conduct penetration tests on various systems and processes. Back in April, one of the systems I was testing was a video conferencing application, known as BigBlueButton, an open source challenger to Zoom.