Security Advisory

CVE-2023-42431

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-30 10:48:21

Last updated 2024-09-06 18:06:33

Assigner HW

State PUBLISHED

Description

Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.

← Browse all CVEs View on cve.org ↗