CVE-2023-42431

Cross-site Scripting XSS vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context...

DEBIAN-CVE-2014-7295

The 1 Special:Preferences and 2 Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting XSS attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying...