CVE-2023-42431

Cross-site Scripting XSS vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context...

Cross site scripting

Cross-site Scripting XSS vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context...

CVE-2023-42431

BlueSpice with the BlueSpiceAvatars extension is affected by a Cross-site Scripting (XSS) vulnerability in the profile image dialog on Special:Preferences for logged-in users. The issue arises in the genuine user context and can allow injection of arbitrary HTML. The connected documents do not pr...

CVE-2023-42431 Potential XSS on user preferences page

Cross-site Scripting XSS vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context...

Cross site scripting

The 1 Special:Preferences and 2 Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting XSS attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying...

CVE-2014-7295

The CVE-2014-7295 entry affects MediaWiki; remote authenticated users could trigger cross-site scripting via crafted CSS on Special:Preferences and Special:UserLogin in affected branches (before 1.19.20, 1.22.x before 1.22.12, and 1.23.x before 1.23.5). The issue arises from CSS-based injection (...