Hallowelt - Bluespice CVE

Filtered by vendor Hallowelt Subscribe

Filtered by product Bluespice

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-2510	1 Hallowelt	1 Bluespice	2022-07-28	N/A	6.1 MEDIUM
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.
CVE-2022-2511	1 Hallowelt	1 Bluespice	2022-07-27	N/A	6.1 MEDIUM
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.

Vulnerabilities (CVE)