2 matches found
CVE-2023-32670
Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "name=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is...
CVE-2023-32670
CVE-2023-32670 affects BuddyBoss 2.2.9 with a Cross-Site Scripting flaw exploitable via the name parameter (name=image.jpg). A local attacker with basic privileges can set a persistent JavaScript payload that runs when the associated image loads. The PT-2023-23946 entry confirms the same vector a...