4 matches found
CVE-2025-48007
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceAvatars allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...
CVE-2023-42431
Cross-site Scripting XSS vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context...
PT-2023-28337 · Bluespice · Bluespice
Name of the Vulnerable Software and Affected Versions: BlueSpice affected versions not specified Description: A Cross-site Scripting XSS issue in the BlueSpiceAvatars extension of BlueSpice allows a logged-in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This...
BlueSpice Security Vulnerabilities
BlueSpice is free Wiki software from BlueSpice based on the MediaWiki engine. A security vulnerability exists in BlueSpice, which stems from a cross-site scripting XSS vulnerability in the BlueSpiceAvatars extension. The vulnerability can be exploited to inject arbitrary HTML code into the profil...