Security Advisory

CVE-2020-27608

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-21 14:07:51

Last updated 2024-08-04 16:18:44

Assigner mitre

State PUBLISHED

Description

In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.

← Browse all CVEs View on cve.org ↗