CVE-2026-27737
Published
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
3
PROJECTS
Description
BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user's input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording. This issue has been fixed 3.0.19.
A complete web conferencing system for virtual classes and more!
GitHubGitHub