BuddyBoss Media <= 3.2.3 - Stored XSS
The plugin performs no input or output validation on the album description. According to the researcher: No reply from vendor. Issue not patched. Vulnerability can be exploited by any user. Form not vulnerable to CSRF.
| Proof of Concept | |
| OWASP Top 10 | A3: Cross-Site Scripting (XSS) |
| Publicly Published | 2018-01-17 (about 1 month ago) |
| Added | 2018-01-22 (29 days ago) |
| Last Updated | 2018-01-22 (29 days ago) |
Copyright & License
| Copyright | All data and resources contained within this page and this web site are Copyright © The WPScan Team. |
| License | Some of this data may be used for non-commercial purposes; however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license, please contact us. |