Vulnerabilities > Hallowelt > Bluespice > 4.2.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-30 | CVE-2023-42431 | Cross-site Scripting vulnerability in Hallowelt Bluespice Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. | 5.4 |