(Created page with "{| class="wikitable" |+ ! ! |- |Date |2022-11-08 |- |Severity |Low |- |Affected |BlueSpice 4.x |- |Fixed in |BlueSpice 4.2.1 |- |CVE |[https://www.cve.org/CVERecord?id=CVE-202...") Tag: 2017 source edit |
No edit summary Tag: 2017 source edit |
||
Line 17: | Line 17: | ||
|- | |- | ||
|CVE | |CVE | ||
|[https://www.cve.org/CVERecord?id=CVE-2022- | |[https://www.cve.org/CVERecord?id=CVE-2022-42001 CVE-2022-42001] | ||
|} | |} | ||
== Problem == | == Problem == | ||
Users with edit rights are able to inject arbitrary HTML (XSS) into book navigation by editing a book chapter. | Users with edit rights are able to inject arbitrary HTML (XSS) into book navigation by editing a book chapter title. | ||
== Solution == | == Solution == |
Revision as of 16:50, 11 November 2022
Date | 2022-11-08 |
Severity | Low |
Affected | BlueSpice 4.x |
Fixed in | BlueSpice 4.2.1 |
CVE | CVE-2022-42001 |
Problem
Users with edit rights are able to inject arbitrary HTML (XSS) into book navigation by editing a book chapter title.
Solution
Upgrade to BlueSpice 4.2.1
Acknowledgements
Found during an internal security audit.