Lucene search

[email protected]CVE-2023-32671

HistoryOct 03, 2023 - 1:15 p.m.

CVE-2023-32671

2023-10-0313:15:10

CWE-79

[email protected]

web.nvd.nist.gov

buddyboss platform

stored xss

vulnerability

version 2.2.9

javascript payload

post request

nvd

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.

Affected configurations

Vulners

NVD

Node

buddybossbuddybossRange≤2.2.9

VendorProductVersionCPE
buddybossbuddyboss*cpe:2.3:a:buddyboss:buddyboss:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
buddyboss	buddyboss	*	cpe:2.3:a:buddyboss:buddyboss::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BuddyBoss",
    "vendor": "BuddyBoss",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.9"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss