CVE-2023-42431
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-42431 is a Cross-site Scripting (XSS) vulnerability discovered in the BlueSpiceAvatars extension of BlueSpice wiki software. A logged-in user can exploit this weakness by injecting arbitrary HTML code into the profile image dialog accessible through Special:Preferences. This issue only affects the user context and does not pose a threat to anonymous users. Successful exploitation could lead to unintended execution of malicious scripts and potential data theft or unauthorized actions. Users are advised to update their BlueSpice installations as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Hallowelt Bluespice
Affected Vendors
- Hallo Welt