Unrated severityNVD Advisory· Published Oct 21, 2020· Updated Aug 4, 2024
CVE-2020-27608
CVE-2020-27608
Description
In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- BigBlueButton/BigBlueButtondescription
- Range: <2.2.28
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.