Announcement/XSS attack: Difference between revisions

VisualWikitext
m ((username removed) (log details removed))
m ((username removed) (log details removed))

Revision as of 11:06, 26 April 2022

Event

XSS attack vector in mwstake/mediawiki-component-commonuserinterface.

Evaluation of the vulnerability in BlueSpice

The value from 'title' parameter get's unsanitized to the output (e.g. in 'list-group-item').

Patch release 4.1.3 contains an important security-fix for this attack.

The corresponding CVE entry is still pending and will be published soon. It is highly recommended that all users update their installation of BlueSpice 4 as soon as possible.


To submit feedback about this documentation, visit our community forum.

Retrieved from "https://en.wiki.bluespice.com/w/index.php?title=Announcement/XSS_attack&oldid=3339"