Security:Security Advisories/BSSA-2022-08

Latest revision as of 09:11, 15 November 2022

Date: 2022-11-15
Severity: Medium
Affected:
  • BlueSpice 4.x
  • Common User Interface 3.0.x
Fixed in:
  • BlueSpice 4.2.1
  • Common User Interface 3.0.5
CVE: CVE-2022-3895

Problem

Some UI elements of the Common User Interface component do not properly sanitize their output and are therefore prone to outputting arbitrary HTML (XSS).

Solution

Upgrade to Common User Interface 3.0.5 or later. This is included in BlueSpice 4.2.1 or later.

Acknowledgements

Found during an internal security audit.