Lucene search
HistoryOct 30, 2023 - 11:15 a.m.
CVE-2023-42431
cve
2023
42431
cross-site scripting
xss
bluespiceavatars
bluespice
special:preferences
nvd
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.1%
Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.
Affected configurations
Node
halloweltbluespiceRange3.0–3.2.10.1
ORhalloweltbluespiceRange4.0–4.3.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| hallowelt:bluespice | hallowelt bluespice | lt | 3.2.10.1 |
| hallowelt:bluespice | hallowelt bluespice | lt | 4.3.3 |
CNA Affected
[
{
"defaultStatus": "affected",
"product": "BlueSpice",
"vendor": "Hallo Welt! GmbH",
"versions": [
{
"lessThanOrEqual": "4.3.2",
"status": "affected",
"version": "4",
"versionType": "major"
},
{
"lessThanOrEqual": "3.2.10",
"status": "affected",
"version": "3",
"versionType": "major"
}
]
}
]Related
prion
prion
Cross site scripting
2023-10-30 11:15:00
cvelist
cvelist
CVE-2023-42431 Potential XSS on user preferences page
2023-10-30 10:48:21
nvd
nvd
CVE-2023-42431
2023-10-30 11:15:39
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
14.1%
Related for CVE-2023-42431