Security:Security Advisories/BSSA-2022-04: Difference between revisions

VisualWikitext
No edit summary
No edit summary
Tag: 2017 source edit
 
(One intermediate revision by the same user not shown)
Line 5: Line 5:
|-
|-
|Date
|Date
|2022-11-08
|2022-11-15
|-
|-
|Severity
|Severity
|Medium
|Low
|-
|-
|Affected
|Affected
Line 19: Line 19:
|
|
* [https://www.cve.org/CVERecord?id=CVE-2022-41789 CVE-2022-41789]
* [https://www.cve.org/CVERecord?id=CVE-2022-41789 CVE-2022-41789]
* [https://www.cve.org/CVERecord?id=CVE-2022-41789 CVE-2022-41789]
* [https://www.cve.org/CVERecord?id=CVE-2022-41814 CVE-2022-41814]
* [https://www.cve.org/CVERecord?id=CVE-2022-41789 CVE-2022-41789]
* [https://www.cve.org/CVERecord?id=CVE-2022-42000 CVE-2022-42000]
|}
|}


Latest revision as of 10:10, 15 November 2022

Date 2022-11-15
Severity Low
Affected BlueSpice 4.x
Fixed in BlueSpice 4.2.1
CVE

Problem

Logged in users are able to inject arbitrary HTML (XSS) into several locations in the main interface by editing their user preferences.

Solution

Upgrade to BlueSpice 4.2.1

Acknowledgements

Found during an internal security audit.

Retrieved from "https://en.wiki.bluespice.com/w/index.php?title=Security:Security_Advisories/BSSA-2022-04&oldid=5230"
No categories assignedEdit

Discussions