{"vulnerability": "CVE-2020-2760", "sightings": [{"uuid": "f2b14d95-981c-419e-a0ce-f91e4433c1b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-2760", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02", "content": "", "creation_timestamp": "2026-01-27T11:00:00.000000Z"}, {"uuid": "c98b53e5-123c-41d8-8c0e-0556363b12a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27602", "type": "seen", "source": "https://t.me/cibsecurity/50706", "content": "\u203c CVE-2020-27602 \u203c\n\nBigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-29T07:50:57.000000Z"}, {"uuid": "af566864-37ba-441b-b2c3-0c13ad31c42f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27601", "type": "seen", "source": "https://t.me/cibsecurity/50673", "content": "\u203c CVE-2020-27601 \u203c\n\nIn BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-29T07:44:54.000000Z"}, {"uuid": "17e1c4f8-fdca-4af6-89b6-59e10cba51ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27603", "type": "seen", "source": "https://t.me/cibsecurity/15449", "content": "\u203c CVE-2020-27603 \u203c\n\nBigBlueButton before 2.2.7 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-21T19:01:13.000000Z"}, {"uuid": "3871f952-4b22-40e2-b9b6-6f3b95e7f1f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27608", "type": "seen", "source": "https://t.me/cibsecurity/15459", "content": "\u203c CVE-2020-27608 \u203c\n\nIn BigBlueButton before 2.2.8 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-21T19:01:24.000000Z"}]}