CVE-2020-12113

2020-04-2318:15:11

Google

osv.dev

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.9%

JSON

BigBlueButton before 2.2.4 allows XSS via closed captions because dangerouslySetInnerHTML in React is used.

CPENameOperatorVersion
bigbluebuttoneq0.8b4
bigbluebuttoneq2.2-beta-2
bigbluebuttoneq2.0-rc7
bigbluebuttoneq2.2-beta-17
bigbluebuttoneq0.81-dev-deskshare-fixes-compatible-with-0.8
bigbluebuttoneqpre-recording-merge
bigbluebuttoneq0.9.2
bigbluebuttoneq2.0-rc4
bigbluebuttoneq2.2-beta-11
bigbluebuttoneq2.2-beta-4

Name	Operator	Version
bigbluebutton	eq	0.8b4
bigbluebutton	eq	2.2-beta-2
bigbluebutton	eq	2.0-rc7
bigbluebutton	eq	2.2-beta-17
bigbluebutton	eq	0.81-dev-deskshare-fixes-compatible-with-0.8
bigbluebutton	eq	pre-recording-merge
bigbluebutton	eq	0.9.2
bigbluebutton	eq	2.0-rc4
bigbluebutton	eq	2.2-beta-11
bigbluebutton	eq	2.2-beta-4