(Created page with "{| class="wikitable" |+ ! ! |- |Date |2022-11-08 |- |Severity |Low |- |Affected |BlueSpice 4.x |- |Fixed in |BlueSpice 4.2.1 |- |CVE |[https://www.cve.org/CVERecord?id=CVE-202...") Tag: 2017 source edit |
No edit summary Tag: 2017 source edit |
||
(One intermediate revision by the same user not shown) | |||
Line 5: | Line 5: | ||
|- | |- | ||
|Date | |Date | ||
|2022-11- | |2022-11-15 | ||
|- | |- | ||
|Severity | |Severity | ||
Line 17: | Line 17: | ||
|- | |- | ||
|CVE | |CVE | ||
|[https://www.cve.org/CVERecord?id=CVE-2022- | |[https://www.cve.org/CVERecord?id=CVE-2022-3893 CVE-2022-3893] | ||
|} | |} | ||
Latest revision as of 09:11, 15 November 2022
Date | 2022-11-15 |
Severity | Low |
Affected | BlueSpice 4.x |
Fixed in | BlueSpice 4.2.1 |
CVE | CVE-2022-3893 |
Problem
Users with admin rights are able to inject arbitrary HTML (XSS) into custom navigation by editing a menu item.
Solution
Upgrade to BlueSpice 4.2.1
Acknowledgements
Found during an internal security audit.