Madgicweb · Madgicweb Buddystream Plugin · CVE-2012-10007
**Name of the Vulnerable Software and Affected Versions**
madgicweb BuddyStream Plugin versions up to 3.2.7
**Description**
A vulnerability was found in the madgicweb BuddyStream Plugin. It has been declared as problematic. The issue affects unknown functionality in the file `ShareBox.php`. Manipulation of the `content/link/shares` argument leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 addresses this issue.
**Recommendations**
For madgicweb BuddyStream Plugin versions up to 3.2.7, upgrade to version 3.2.8 to address the issue. As a temporary workaround, consider restricting access to the `ShareBox.php` file until the upgrade is applied. Avoid using the `content/link/shares` argument in the affected functionality until the issue is resolved.
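
One way to find installs that still need the upgrade, as an added example (not code from the advisory or from the plugin). It assumes the standard WordPress plugin header fields `Plugin Name` and `Version` and that the header name contains "BuddyStream"; the directory tree built in `demo()` is constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 2, 8)  # first fixed release named in the advisory
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def parse_version(text):
    """Turn '3.2.7' into (3, 2, 7); non-numeric parts compare as 0."""
    parts = [int(m.group()) if (m := re.match(r"\d+", p)) else 0
             for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def read_header(php_file):
    """Return lower-cased header fields found in the first 8 KiB of a file."""
    head = php_file.read_text(errors="replace")[:8192]
    return {k.lower(): v for k, v in HEADER.findall(head)}

def audit(plugins_dir):
    """Return (directory, version, status, sharebox_present) per BuddyStream install."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        hdr = read_header(php)
        if "buddystream" not in hdr.get("plugin name", "").lower():
            continue
        version = hdr.get("version")
        if version is None:
            status = "unknown"  # no Version header: needs manual review
        else:
            status = "vulnerable" if parse_version(version) < FIXED else "fixed"
        # ShareBox.php is the file named in the advisory; its location is not assumed.
        sharebox = any(php.parent.rglob("ShareBox.php"))
        findings.append((php.parent.name, version, status, sharebox))
    return findings

def demo():
    """Build a constructed plugins tree (names and layout are made up) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name, ver in (("a-old", "3.2.7"), ("b-new", "3.2.8"), ("c-nohdr", None)):
            d = Path(root, name, "extensions")
            d.mkdir(parents=True)
            (d / "ShareBox.php").write_text("<?php // constructed placeholder\n")
            line = f" * Version: {ver}\n" if ver else ""
            Path(root, name, "main.php").write_text(
                f"<?php\n/*\n * Plugin Name: BuddyStream\n{line} */\n")
        return audit(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `audit()` at a site's `wp-content/plugins` directory; any row marked `vulnerable` or `unknown` with `ShareBox.php` present is a candidate for the upgrade or the access restriction described above.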