5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.9%
BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.
github.com/bigbluebutton/bigbluebutton/pull/9017
github.com/bigbluebutton/bigbluebutton/releases/tag/v2.2.4
www.sakshamanand.com/cve-2020-12113/