{"uuid": "3871f952-4b22-40e2-b9b6-6f3b95e7f1f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27608", "type": "seen", "source": "https://t.me/cibsecurity/15459", "content": "\u203c CVE-2020-27608 \u203c\n\nIn BigBlueButton before 2.2.8 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-21T19:01:24.000000Z"}