CVE-2026-27737 – BigBlueButton has Stored XSS in bbb-playback replay

CVE ID :CVE-2026-27737

Published : May 18, 2026, 10:16 p.m. | 43 minutes ago

Description :BigBlueButton is an open-source virtual classroom. In versions prior to 3.0.19, the recording playback (presentation format) was not sanitizing user’s input in public chat. This allowed for a malicious actor to craft and carry out a targeted XSS attack, activated on anyone replaying the recording. This issue has been fixed 3.0.19.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-30950 – AutoGPT has Authenticated Session Hijacking via IDOR

CVE-2026-27964 – FacturaScripts: Reflected Cross-Site Scripting (XSS) via Cookie Manipulation

CVE-2026-27892 – FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

CVE-2026-27891 – Remote Code Execution (RCE) via Zip Slip in Plugin Upload Mechanism