Announcement/XSS attack: Difference between revisions

m ((username removed) (log details removed))
No edit summary
Tag: 2017 source edit
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Featurepage|featured=true|featuredesc=Patch Release 4.1.3 contains an important '''security fix''' for a “reflected XSS” attack. <span class="bi bi-exclamation-circle-fill" style="color:orange"></span>|featurestart=04/25/2022}}
{{Featurepage|featured=false|featuredesc=Patch Release 4.1.3 contains an important '''security fix''' for a “reflected XSS” attack. |featurestart=04/25/2022}}
==Event==
==Event==
XSS attack vector in ''mwstake/mediawiki-component-commonuserinterface.''   
XSS attack vector in ''mwstake/mediawiki-component-commonuserinterface.''   

Latest revision as of 15:12, 28 July 2022

Event

XSS attack vector in mwstake/mediawiki-component-commonuserinterface.

Evaluation of the vulnerability in BlueSpice

The value from 'title' parameter get's unsanitized to the output (e.g. in 'list-group-item').

Patch release 4.1.3 contains an important security-fix for this attack.

The corresponding CVE entry is still pending and will be published soon. It is highly recommended that all users update their installation of BlueSpice 4 as soon as possible.



To submit feedback about this documentation, visit our community forum.