Vulnerabilities
Vulnerable Software
Hallowelt:  >> Bluespice  >> 3.0.1  Security Vulnerabilities
Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.
CVSS Score
2.1
EPSS Score
0.001
Published
2023-10-30
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-07-22
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.
CVSS Score
4.3
EPSS Score
0.006
Published
2022-07-22


Contact Us

Shodan ® - All rights reserved