Lucene search
K

4 matches found

Prion
Prion
added 2023/10/03 1:15 p.m.18 views

Cross site scripting

Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "name=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is...

4.9CVSS5.4AI score0.00361EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/03 1:15 p.m.22 views

Authorization

Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification id...

5.5CVSS5.4AI score0.00297EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/03 12:23 p.m.57 views

CVE-2023-32669

CVE-2023-32669 describes an authorization bypass in BuddyBoss 2.2.9 . An authenticated user can change the album identifier (id) to access and rename other users’ photo albums, constituting a violation of access controls. Documented impact indicates that confidentiality and integrity could be aff...

5.4CVSS5.4AI score0.00297EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/03 12:0 a.m.7 views

PT-2023-23944 · Buddyboss · Buddyboss

Name of the Vulnerable Software and Affected Versions: BuddyBoss version 2.2.9 Description: The issue allows an authenticated user to access and rename other users' albums by exploiting an authorization bypass vulnerability. This can be done by changing the album identification id. Recommendation...

5.4CVSS5.3AI score0.00297EPSS
Exploits0References6
Rows per page
Query Builder