No edit summary |
No edit summary Tag: 2017 source edit |
||
(2 intermediate revisions by one other user not shown) | |||
Line 15: | Line 15: | ||
|Fixed in | |Fixed in | ||
|BlueSpice 3.2.9, BlueSpice 4.1.1 | |BlueSpice 3.2.9, BlueSpice 4.1.1 | ||
|- | |||
|CVE | |||
|[https://www.cve.org/CVERecord?id=CVE-2022-2510 CVE-2022-2510] | |||
|} | |} | ||
Latest revision as of 20:57, 22 July 2022
Date | 2022-01-31 |
Severity | Medium |
Affected | BlueSpice 3.x, BlueSpice 4.x |
Fixed in | BlueSpice 3.2.9, BlueSpice 4.1.1 |
CVE | CVE-2022-2510 |
Problem
Users are able to inject arbitrary HTML (XSS) on Special:SearchCenter, using the search term. This can be triggered via URL.
Solution
Upgrade to BlueSpice 4.1.1
Acknowledgements
Special thanks to the security team of an undisclosed customer