PT-2023-28337 · Bluespice · Bluespice

Name of the Vulnerable Software and Affected Versions: BlueSpice affected versions not specified Description: A Cross-site Scripting XSS issue in the BlueSpiceAvatars extension of BlueSpice allows a logged-in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This...