Vulnerabilities > Hallowelt > Bluespice > 3.2.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-30 | CVE-2023-42431 | Cross-site Scripting vulnerability in Hallowelt Bluespice Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. | 5.4 |
| 2022-07-22 | CVE-2022-2511 | Cross-site Scripting vulnerability in Hallowelt Bluespice Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL. | 6.1 |