CVE-2020-27608
BigBlueButton vulnerability CVE-2020-27608 affects versions prior to 2.2.28. The issue stems from uploaded presentations being sent to clients without a Content-Type header, enabling cross-site scripting (XSS) evidenced by a .png file extension used for an HTML document. Impact is limited to XSS ...