BlueSpice
by BlueSpice
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-42000 | Low | 0.21 | 3.3 | 0.00 | Nov 15, 2022 | Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. | ||
| CVE-2022-41814 | Low | 0.21 | 3.3 | 0.00 | Nov 15, 2022 | Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage. | ||
| CVE-2022-3893 | Low | 0.15 | 2.3 | 0.00 | Nov 15, 2022 | Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application. | ||
| CVE-2023-42431 | Low | 0.14 | 2.1 | 0.00 | Oct 30, 2023 | Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context. |
- risk 0.21cvss 3.3epss 0.00
Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
- risk 0.21cvss 3.3epss 0.00
Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
- risk 0.15cvss 2.3epss 0.00
Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application.
- risk 0.14cvss 2.1epss 0.00
Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.