Skip to main content

Scalite

1 CVEs product

Monthly

CVE-2026-27737 MEDIUM PATCH This Month

Stored XSS in BigBlueButton's bbb-playback recording component (versions prior to 3.0.19) allowed authenticated meeting participants to inject malicious scripts via public chat that execute silently against any user who later views the session recording in presentation format. The React component rendered chat messages via dangerouslySetInnerHTML without sanitization, meaning UI:N - no victim interaction beyond loading the recording URL was required to trigger execution. No public exploit identified at time of analysis; not listed in CISA KEV.

XSS Bigbluebutton Scalite Bbb Playback
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Stored XSS in BigBlueButton's bbb-playback recording component (versions prior to 3.0.19) allowed authenticated meeting participants to inject malicious scripts via public chat that execute silently against any user who later views the session recording in presentation format. The React component rendered chat messages via dangerouslySetInnerHTML without sanitization, meaning UI:N - no victim interaction beyond loading the recording URL was required to trigger execution. No public exploit identified at time of analysis; not listed in CISA KEV.

XSS Bigbluebutton Scalite +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy