Hallowelt CVEs and Security Vulnerabilities

Filtered by vendor Hallowelt Subscriptions

Search

Switch to Advanced Search (Beta)

Total 11 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-42431	1 Hallowelt	1 Bluespice	2024-11-21	2.1 Low
Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.
CVE-2022-42001	1 Hallowelt	1 Bluespice	2024-11-21	3.3 Low
Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.
CVE-2022-42000	1 Hallowelt	1 Bluespice	2024-11-21	3.3 Low
Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
CVE-2022-41814	1 Hallowelt	1 Bluespice	2024-11-21	3.3 Low
Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
CVE-2022-41789	1 Hallowelt	1 Bluespice	2024-11-21	3.3 Low
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.
CVE-2022-41611	1 Hallowelt	1 Bluespice	2024-11-21	2.3 Low
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application.
CVE-2022-3958	1 Hallowelt	1 Bluespice	2024-11-21	3.3 Low
Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks.
CVE-2022-3895	1 Hallowelt	2 Bluespice, Common User Interface	2024-11-21	4 Medium
Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS).
CVE-2022-3893	1 Hallowelt	1 Bluespice	2024-11-21	2.3 Low
Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application.
CVE-2022-2511	1 Hallowelt	1 Bluespice	2024-11-21	4.3 Medium
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.
CVE-2022-2510	1 Hallowelt	1 Bluespice	2024-11-21	4.3 Medium
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.

Page 1 of 1.