Announcement/XSS attack: Difference between revisions

Line 6: Line 6:
The value from 'title' parameter get's unsanitized to the output (e.g. in 'list-group-item').
The value from 'title' parameter get's unsanitized to the output (e.g. in 'list-group-item').


[[Setup:Release Notes#4.1.3|Patch release 4.1.3]] contains an important security-fix for a “reflected XSS” attack.  
[[Setup:Release Notes#4.1.3|Patch release 4.1.3]] contains an important security-fix for this attack.  


The [Security:Security_Advisories/BSSA-2022-01 corresponding CVE entry] is still pending and will be published soon. It is highly recommended that all users update their installation of BlueSpice 4 as soon as possible.
The [[Security:Security_Advisories/BSSA-2022-01 corresponding CVE entry]] is still pending and will be published soon. It is highly recommended that all users update their installation of BlueSpice 4 as soon as possible.


[[de:Meldung/XSS attack]]
[[de:Meldung/XSS attack]]
[[en:{{FULLPAGENAME}}]]
[[en:{{FULLPAGENAME}}]]
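
Review bot: in the changed CVE-entry sentence, the new link [[Security:Security_Advisories/BSSA-2022-01 corresponding CVE entry]] has no | between the page name and the label, so the whole string is treated as the link target and displayed as-is. Suggest [[Security:Security_Advisories/BSSA-2022-01|corresponding CVE entry]], matching the [[Setup:Release Notes#4.1.3|Patch release 4.1.3]] link earlier in the hunk. The same revision replaces "a “reflected XSS” attack" with "this attack", which removes the only statement of the XSS type from the paragraph; consider keeping the classification.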

Revision as of 07:22, 26 April 2022

Event

XSS attack vector in mwstake/mediawiki-component-commonuserinterface.

Evaluation of the vulnerability in BlueSpice

The value of the 'title' parameter is written to the output unsanitized (e.g. in 'list-group-item').

Patch release 4.1.3 contains an important security fix for this attack.

The corresponding CVE entry (Security:Security_Advisories/BSSA-2022-01) is still pending and will be published soon. It is highly recommended that all users update their installation of BlueSpice 4 as soon as possible.


