Vulnerabilities > Hallowelt > Bluespice > 3.1.6

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-42431 Cross-site Scripting vulnerability in Hallowelt Bluespice
Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences.
network
low complexity
hallowelt CWE-79
5.4
5.4
2022-07-22 CVE-2022-2510 Cross-site Scripting vulnerability in Hallowelt Bluespice
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.
network
low complexity
hallowelt CWE-79
6.1
6.1
2022-07-22 CVE-2022-2511 Cross-site Scripting vulnerability in Hallowelt Bluespice
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.
network
low complexity
hallowelt CWE-79
6.1
6.1