exploitDog

GHSA-qxv7-7h44-6g5h

Опубликовано: 03 окт. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9

Описание

Cross-Site Scripting vulnerability

in BuddyBoss 2.2.9 version

, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.

Cross-Site Scripting vulnerability

in BuddyBoss 2.2.9 version

, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.

Ссылки

EPSS

Процентиль: 41%

0.0019

Низкий

9 Critical

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-32670

CVSS3: 9

nvd

больше 2 лет назад

Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.

EPSS

Процентиль: 41%

0.0019

Низкий

9 Critical

CVSS3

CVE ID

Дефекты

CWE-79