CVE-2020-27608

2020-10-2115:15:27

Google

osv.dev

bigbluebutton

security vulnerability

xss

content-type

presentation

html document

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

37.3%

JSON

In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.

References

www.golem.de/news/big-blue-button-das-grosse-blaue-sicherheitsrisiko-2010-151610.html