CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27608

In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.1%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2020-27608

Bigbluebutton » Bigbluebutton » Version: N/A

cpe:2.3:a:bigbluebutton:bigbluebutton:-
Bigbluebutton » Bigbluebutton » Version: 0.7

cpe:2.3:a:bigbluebutton:bigbluebutton:0.7
Bigbluebutton » Bigbluebutton » Version: 0.71

cpe:2.3:a:bigbluebutton:bigbluebutton:0.71
Bigbluebutton » Bigbluebutton » Version: 0.8

cpe:2.3:a:bigbluebutton:bigbluebutton:0.8
Bigbluebutton » Bigbluebutton » Version: 0.81

cpe:2.3:a:bigbluebutton:bigbluebutton:0.81
Bigbluebutton » Bigbluebutton » Version: 0.9.0

cpe:2.3:a:bigbluebutton:bigbluebutton:0.9.0
Bigbluebutton » Bigbluebutton » Version: 0.9.1

cpe:2.3:a:bigbluebutton:bigbluebutton:0.9.1
Bigbluebutton » Bigbluebutton » Version: 0.9.2

cpe:2.3:a:bigbluebutton:bigbluebutton:0.9.2
Bigbluebutton » Bigbluebutton » Version: 1.0.0

cpe:2.3:a:bigbluebutton:bigbluebutton:1.0.0
Bigbluebutton » Bigbluebutton » Version: 1.1.0

cpe:2.3:a:bigbluebutton:bigbluebutton:1.1.0
Bigbluebutton » Bigbluebutton » Version: 2.0

cpe:2.3:a:bigbluebutton:bigbluebutton:2.0
Bigbluebutton » Bigbluebutton » Version: 2.2.0

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.0
Bigbluebutton » Bigbluebutton » Version: 2.2.1

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.1
Bigbluebutton » Bigbluebutton » Version: 2.2.10

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.10
Bigbluebutton » Bigbluebutton » Version: 2.2.11

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.11
Bigbluebutton » Bigbluebutton » Version: 2.2.12

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.12
Bigbluebutton » Bigbluebutton » Version: 2.2.14

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.14
Bigbluebutton » Bigbluebutton » Version: 2.2.15

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.15
Bigbluebutton » Bigbluebutton » Version: 2.2.16

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.16
Bigbluebutton » Bigbluebutton » Version: 2.2.17

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.17
Bigbluebutton » Bigbluebutton » Version: 2.2.18

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.18
Bigbluebutton » Bigbluebutton » Version: 2.2.19

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.19
Bigbluebutton » Bigbluebutton » Version: 2.2.2

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.2
Bigbluebutton » Bigbluebutton » Version: 2.2.20

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.20
Bigbluebutton » Bigbluebutton » Version: 2.2.21

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.21
Bigbluebutton » Bigbluebutton » Version: 2.2.22

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.22
Bigbluebutton » Bigbluebutton » Version: 2.2.23

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.23
Bigbluebutton » Bigbluebutton » Version: 2.2.24

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.24
Bigbluebutton » Bigbluebutton » Version: 2.2.25

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.25
Bigbluebutton » Bigbluebutton » Version: 2.2.26

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.26
Bigbluebutton » Bigbluebutton » Version: 2.2.27

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.27
Bigbluebutton » Bigbluebutton » Version: 2.2.3

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.3
Bigbluebutton » Bigbluebutton » Version: 2.2.4

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.4
Bigbluebutton » Bigbluebutton » Version: 2.2.5

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.5
Bigbluebutton » Bigbluebutton » Version: 2.2.6

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.6
Bigbluebutton » Bigbluebutton » Version: 2.2.7

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.7
Bigbluebutton » Bigbluebutton » Version: 2.2.8

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.8
Bigbluebutton » Bigbluebutton » Version: 2.2.9

cpe:2.3:a:bigbluebutton:bigbluebutton:2.2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27608

Products

Pricing

Contact Us