CVE-2023-32671

Name of the Vulnerable Software and Affected Versions BuddyBoss Platform version 2.2.9

Description A stored XSS issue has been found, allowing an attacker to store a malicious javascript payload via a POST request when sending an invitation. This enables the attacker to execute malicious code on the platform.

Recommendations For version 2.2.9, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting the ability to send invitations or disabling the invitation feature until a patch is available. Avoid using the vulnerable functionality until the issue is resolved.