Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hallowelt bluespice vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2510
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows malicious user to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.
Hallowelt Bluespice 4.1.0
Hallowelt Bluespice
NA
CVE-2022-3895
Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS).
Hallowelt Bluespice
Hallowelt Common User Interface
NA
CVE-2022-42000
Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
Hallowelt Bluespice
NA
CVE-2022-42001
Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.
Hallowelt Bluespice
NA
CVE-2023-42431
Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.
Hallowelt Bluespice
NA
CVE-2022-2511
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an malicious user to inject arbitrary HTML into a page using the title parameter of the call URL.
Hallowelt Bluespice
NA
CVE-2022-41611
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application.
Hallowelt Bluespice
NA
CVE-2022-41814
Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
Hallowelt Bluespice
NA
CVE-2022-3958
Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks.
Hallowelt Bluespice
NA
CVE-2022-41789
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.
Hallowelt Bluespice
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »