Lucene search

INCIBECVELIST:CVE-2023-32671

HistoryOct 03, 2023 - 12:26 p.m.

CVE-2023-32671 BuddyBoss XSS vulnerability

2023-10-0312:26:44

CWE-79

INCIBE

www.cve.org

buddyboss platform

xss

vulnerability

post request

invitation

javascript payload

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

EPSS

0.001

Percentile

18.6%

JSON

A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BuddyBoss",
    "vendor": "BuddyBoss",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.9"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss