Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.
History

Thu, 19 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-10-03T12:25:05.203Z

Updated: 2024-09-19T19:51:45.995Z

Reserved: 2023-05-11T08:48:57.515Z

Link: CVE-2023-32670

cve-icon Vulnrichment

Updated: 2024-08-02T15:25:36.575Z

cve-icon NVD

Status : Modified

Published: 2023-10-03T13:15:10.147

Modified: 2024-11-21T08:03:49.000

Link: CVE-2023-32670

cve-icon Redhat

No data.