CVE-2020-27608
CVE-2020-27608
In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →