CVE-2023-32671: BuddyBoss XSS vulnerability
First published: Tue Oct 03 2023(Updated: )
A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.
Credit: cve-coordination@incibe.es
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BuddyBoss | =2.2.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this stored XSS vulnerability?
The vulnerability ID is CVE-2023-32671.
What software is affected by this stored XSS vulnerability?
BuddyBoss Platform version 2.2.9 is affected by this vulnerability.
How does this vulnerability impact the affected software?
This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is medium, with a CVSS score of 5.4.
How can I fix this stored XSS vulnerability?
To fix this vulnerability, update BuddyBoss Platform to a version that is not affected, or apply the available security patch from the software vendor.
- agent/author
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/buddyboss
- canonical/buddyboss
- version/buddyboss/2.2.9