CVE-2024-13859
The BuddyBoss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bpnouveauajaxmediasave’ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-13860
The BuddyBoss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbptopictitle’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-13860
BuddyBoss Platform WordPress plugin
CVE-2024-13858 BuddyBoss Platform and BuddyBoss Theme <= Multiple Versions - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name'
The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress are vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’ parameter in all versions up to, and including, 2.8.50 and 2.8.41, respectively, due to insufficient input sanitization and output escaping. This makes it possible fo...
Fedora 28 : php-symfony (2018-eba0006df2)
Version 2.8.41 2018-05-25 - bug 27359 HttpFoundation Fix perf issue during MimeTypeGuesser initialization nicolas-grekas - security cve-2018-11408 SecurityBundle Fail if security.httputils cannot be configured - security cve-2018-11406 clear CSRF tokens when the user is logged out - security...