No edit summary |
No edit summary |
||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
{| class="wikitable" style="width:100%;" | {| class="wikitable sortable" style="width:100%;" | ||
!Release name | !Release name | ||
!Release date | !Release date | ||
Line 6: | Line 6: | ||
!Summary | !Summary | ||
|- | |- | ||
|[[Security:Security Advisories/BSSA- | |[[Security:Security Advisories/BSSA-2023-01|BSSA-2023-01]] | ||
| | |2023-07-25 | ||
| | |Ghostscript vulnerability | ||
|[https://www.cve.org/CVERecord?id=CVE- | |[https://www.cve.org/CVERecord?id=CVE-2023-36664 CVE-2023-36664] | ||
| | |Code can be executed on the server via a manipulated PDF | ||
|- | |- | ||
|[[Security:Security Advisories/BSSA-2022- | |[[Security:Security Advisories/BSSA-2022-08|BSSA-2022-08]] | ||
|2022-11-15 | |2022-11-15 | ||
|XSS attack vector on regular pages | |XSS attack vector on regular pages | ||
|[https://www.cve.org/CVERecord?id=CVE-2022- | |[https://www.cve.org/CVERecord?id=CVE-2022-3895 CVE-2022-3895] | ||
|Arbitrary HTML injection through | |Arbitrary HTML injection through use of interface elements | ||
|- | |- | ||
|[[Security:Security Advisories/BSSA-2022- | |[[Security:Security Advisories/BSSA-2022-07|BSSA-2022-07]] | ||
|2022-11-15 | |2022-11-15 | ||
|XSS attack vector on regular pages | |XSS attack vector on regular pages | ||
|[https://www.cve.org/CVERecord?id=CVE-2022- | |[https://www.cve.org/CVERecord?id=CVE-2022-3958 CVE-2022-3958] | ||
|Arbitrary HTML injection through | |Arbitrary HTML injection through personal menu items | ||
|- | |- | ||
|[[Security:Security Advisories/BSSA-2022- | |[[Security:Security Advisories/BSSA-2022-06|BSSA-2022-06]] | ||
|2022-11-15 | |2022-11-15 | ||
|XSS attack vector on regular pages | |XSS attack vector on regular pages | ||
|[https://www.cve.org/CVERecord?id=CVE-2022- | |[https://www.cve.org/CVERecord?id=CVE-2022-3893 CVE-2022-3893] | ||
|Arbitrary HTML injection through | |Arbitrary HTML injection through the custom menu | ||
|- | |- | ||
|[[Security:Security Advisories/BSSA-2022-05|BSSA-2022-05]] | |[[Security:Security Advisories/BSSA-2022-05|BSSA-2022-05]] | ||
Line 36: | Line 36: | ||
|Arbitrary HTML injection through the book navigation | |Arbitrary HTML injection through the book navigation | ||
|- | |- | ||
|[[Security:Security Advisories/BSSA-2022- | |[[Security:Security Advisories/BSSA-2022-04|BSSA-2022-04]] | ||
|2022-11-15 | |2022-11-15 | ||
|XSS attack vector on regular pages | |XSS attack vector on regular pages | ||
|[https://www.cve.org/CVERecord?id=CVE-2022- | |[https://www.cve.org/CVERecord?id=CVE-2022-41789 CVE-2022-41789], [https://www.cve.org/CVERecord?id=CVE-2022-41814 CVE-2022-41814], [https://www.cve.org/CVERecord?id=CVE-2022-42000 CVE-2022-42000] | ||
|Arbitrary HTML injection through | |Arbitrary HTML injection through user preferences | ||
|- | |- | ||
|[[Security:Security Advisories/BSSA-2022- | |[[Security:Security Advisories/BSSA-2022-03|BSSA-2022-03]] | ||
|2022-11-15 | |2022-11-15 | ||
|XSS attack vector on regular pages | |XSS attack vector on regular pages | ||
|[https://www.cve.org/CVERecord?id=CVE-2022- | |[https://www.cve.org/CVERecord?id=CVE-2022-41611 CVE-2022-41611] | ||
|Arbitrary HTML injection through | |Arbitrary HTML injection through main navigation | ||
|- | |- | ||
|[[Security:Security Advisories/BSSA-2022- | |[[Security:Security Advisories/BSSA-2022-02|BSSA-2022-02]] | ||
|2022-11-15 | |2022-11-15 | ||
|XSS attack vector on regular pages | |XSS attack vector on regular pages | ||
|[https://www.cve.org/CVERecord?id=CVE-2022- | |[https://www.cve.org/CVERecord?id=CVE-2022-2511 CVE-2022-2511] | ||
|Arbitrary HTML injection through | |Arbitrary HTML injection through the 'title' parameter | ||
|- | |- | ||
|[[Security:Security Advisories/BSSA-2022-01|BSSA-2022-01]] | |[[Security:Security Advisories/BSSA-2022-01|BSSA-2022-01]] | ||
| | |2022-01-31 | ||
| | |XSS attack vector in Search Center | ||
|[https://www.cve.org/CVERecord?id=CVE- | |[https://www.cve.org/CVERecord?id=CVE-2022-2510 CVE-2022-2510] | ||
| | |JavaScript in search field is reflected back to the browser. | ||
|} | |} |
Latest revision as of 16:09, 27 July 2023
Release name | Release date | Title | References | Summary |
---|---|---|---|---|
BSSA-2023-01 | 2023-07-25 | Ghostscript vulnerability | CVE-2023-36664 | Code can be executed on the server via a manipulated PDF |
BSSA-2022-08 | 2022-11-15 | XSS attack vector on regular pages | CVE-2022-3895 | Arbitrary HTML injection through use of interface elements |
BSSA-2022-07 | 2022-11-15 | XSS attack vector on regular pages | CVE-2022-3958 | Arbitrary HTML injection through personal menu items |
BSSA-2022-06 | 2022-11-15 | XSS attack vector on regular pages | CVE-2022-3893 | Arbitrary HTML injection through the custom menu |
BSSA-2022-05 | 2022-11-15 | XSS attack vector on regular pages | CVE-2022-42001 | Arbitrary HTML injection through the book navigation |
BSSA-2022-04 | 2022-11-15 | XSS attack vector on regular pages | CVE-2022-41789, CVE-2022-41814, CVE-2022-42000 | Arbitrary HTML injection through user preferences |
BSSA-2022-03 | 2022-11-15 | XSS attack vector on regular pages | CVE-2022-41611 | Arbitrary HTML injection through main navigation |
BSSA-2022-02 | 2022-11-15 | XSS attack vector on regular pages | CVE-2022-2511 | Arbitrary HTML injection through the 'title' parameter |
BSSA-2022-01 | 2022-01-31 | XSS attack vector in Search Center | CVE-2022-2510 | JavaScript in search field is reflected back to the browser. |