
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-03 | CVE-2023-32669 | Authorization Bypass Through User-Controlled Key vulnerability in Buddyboss 2.2.9: Authorization bypass vulnerability in BuddyBoss version 2.2.9, the exploitation of which could allow an authenticated user to access and rename other users' albums. | network, low complexity, buddyboss, CWE-639, 5.4 |
| 2023-10-03 | CVE-2023-32670 | Cross-site Scripting vulnerability in Buddyboss 2.2.9: Cross-Site Scripting vulnerability in BuddyBoss version 2.2.9, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, assigning a persistent JavaScript payload that is triggered when the associated image is loaded. | network, low complexity, buddyboss, CWE-79, 5.4 |
| 2023-10-03 | CVE-2023-32671 | Cross-site Scripting vulnerability in Buddyboss 2.2.9: A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. | network, low complexity, buddyboss, CWE-79, 5.4 |