Описание
Cross-Site Scripting vulnerability
in BuddyBoss 2.2.9 version
, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:buddyboss:buddyboss:2.2.9:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 41%
0.0019
Низкий
9 Critical
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 9
github
больше 2 лет назад
Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.
EPSS
Процентиль: 41%
0.0019
Низкий
9 Critical
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79