mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
889 B
889 B
CVE-2023-32670
&color=brighgreen)
Description
Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.
POC
Reference
No PoCs from references.