Multiple vulnerabilities in BudyBoss
Posted date 30/05/2023
Identificador
INCIBE-2023-0197
Importance
5 - Critical
Affected Resources
WordPress sites using BuddyBoss Platform version 2.2.9.
Description
INCIBE has coordinated the publication of 3 vulnerabilities in BuddyBoss Platform, which has been discovered by Anxo Januario Gonzales.
These vulnerabilities have been assigned the following codes:
- CVE-2023-32669:
- CVSS v3.1 base score: 5,4.
- CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.
- Vulnerability type: CWE-639: authorization bypass through user-controlled Key
- CVE-2023-32670:
- CVSS v3.1 base score: 9,0.
- CVSS vector string: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.
- Vulnerability type: CWE-79: improper neutralization of input during web page generation ('Cross-site Scripting').
- CVE-2023-32671:
- CVSS v3.1 base score: 6,3.
- CVSS vector string: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N.
- Vulnerability type: CWE-79: improper neutralization of input during web page generation ('Cross-site Scripting').
Solution
No solution has been identified at this time.
Detail
- CVE-2023-32669: authorization bypass vulnerability, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).
- CVE-2023-32670: Cross-Site Scripting vulnerability, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.
- CVE-2023-32671: Stored Cross-Site Scripting vulnerability, the exploitation of which could allow an attacker to store a malicious javascript payload via a POST request when sending an invitation to another user.
References list
Etiquetas
