Latest revision as of 09:11, 15 November 2022
Date | 2022-11-15 |
Severity | Medium |
Affected | BlueSpice 4.x; Common User Interface 3.0.x |
Fixed in | BlueSpice 4.2.1; Common User Interface 3.0.5 |
CVE | CVE-2022-3895 |
Problem
Some UI elements of the Common User Interface component do not properly sanitize their output and can therefore render arbitrary HTML (XSS).
Solution
Upgrade to Common User Interface 3.0.5 or later. This is included in BlueSpice 4.2.1 or later.
Acknowledgements
Found during an internal security audit.