Security Advisory

CVE-2023-32670

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-03 12:25:05

Last updated 2024-09-19 19:51:45

Assigner INCIBE

State PUBLISHED

Description

Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.

← Browse all CVEs View on cve.org ↗