4 matches found
Cross site scripting
Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "name=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is...
Authorization
Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification id...
CVE-2023-32669
CVE-2023-32669 describes an authorization bypass in BuddyBoss 2.2.9 . An authenticated user can change the album identifier (id) to access and rename other users’ photo albums, constituting a violation of access controls. Documented impact indicates that confidentiality and integrity could be aff...
PT-2023-23944 · Buddyboss · Buddyboss
Name of the Vulnerable Software and Affected Versions: BuddyBoss version 2.2.9 Description: The issue allows an authenticated user to access and rename other users' albums by exploiting an authorization bypass vulnerability. This can be done by changing the album identification id. Recommendation...