Security:Security Advisories: Difference between revisions

No edit summary
Tag: 2017 source edit
No edit summary
 
Line 1: Line 1:
{| class="wikitable" style="width:100%;"
{| class="wikitable sortable" style="width:100%;"
!Release name
!Release name
!Release date
!Release date
Line 6: Line 6:
!Summary
!Summary
|-
|-
|[[Security:Security Advisories/BSSA-2022-01|BSSA-2022-01]]
|[[Security:Security Advisories/BSSA-2023-01|BSSA-2023-01]]
|2022-01-31
|2023-07-25
|XSS attack vector in Search Center
|Ghostscript vulnerability
|[https://www.cve.org/CVERecord?id=CVE-2022-2510 CVE-2022-2510]
|[https://www.cve.org/CVERecord?id=CVE-2023-36664 CVE-2023-36664]
|JavaScript in search field is reflected back to the browser.
|Code can be executed on the server via a manipulated PDF
|-
|-
|[[Security:Security Advisories/BSSA-2022-02|BSSA-2022-02]]
|[[Security:Security Advisories/BSSA-2022-08|BSSA-2022-08]]
|2022-11-15
|2022-11-15
|XSS attack vector on regular pages
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-2511 CVE-2022-2511]
|[https://www.cve.org/CVERecord?id=CVE-2022-3895 CVE-2022-3895]
|Arbitrary HTML injection through the 'title' parameter
|Arbitrary HTML injection through use of interface elements
|-
|-
|[[Security:Security Advisories/BSSA-2022-03|BSSA-2022-03]]
|[[Security:Security Advisories/BSSA-2022-07|BSSA-2022-07]]
|2022-11-15
|2022-11-15
|XSS attack vector on regular pages
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-41611 CVE-2022-41611]
|[https://www.cve.org/CVERecord?id=CVE-2022-3958 CVE-2022-3958]
|Arbitrary HTML injection through main navigation
|Arbitrary HTML injection through personal menu items
|-
|-
|[[Security:Security Advisories/BSSA-2022-04|BSSA-2022-04]]
|[[Security:Security Advisories/BSSA-2022-06|BSSA-2022-06]]
|2022-11-15
|2022-11-15
|XSS attack vector on regular pages
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-41789 CVE-2022-41789], [https://www.cve.org/CVERecord?id=CVE-2022-41814 CVE-2022-41814], [https://www.cve.org/CVERecord?id=CVE-2022-42000 CVE-2022-42000]
|[https://www.cve.org/CVERecord?id=CVE-2022-3893 CVE-2022-3893]
|Arbitrary HTML injection through user preferences
|Arbitrary HTML injection through the custom menu
|-
|-
|[[Security:Security Advisories/BSSA-2022-05|BSSA-2022-05]]
|[[Security:Security Advisories/BSSA-2022-05|BSSA-2022-05]]
Line 36: Line 36:
|Arbitrary HTML injection through the book navigation
|Arbitrary HTML injection through the book navigation
|-
|-
|[[Security:Security Advisories/BSSA-2022-06|BSSA-2022-06]]
|[[Security:Security Advisories/BSSA-2022-04|BSSA-2022-04]]
|2022-11-15
|2022-11-15
|XSS attack vector on regular pages
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-3893 CVE-2022-3893]
|[https://www.cve.org/CVERecord?id=CVE-2022-41789 CVE-2022-41789], [https://www.cve.org/CVERecord?id=CVE-2022-41814 CVE-2022-41814], [https://www.cve.org/CVERecord?id=CVE-2022-42000 CVE-2022-42000]
|Arbitrary HTML injection through the custom menu
|Arbitrary HTML injection through user preferences
|-
|-
|[[Security:Security Advisories/BSSA-2022-07|BSSA-2022-07]]
|[[Security:Security Advisories/BSSA-2022-03|BSSA-2022-03]]
|2022-11-15
|2022-11-15
|XSS attack vector on regular pages
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-3958 CVE-2022-3958]
|[https://www.cve.org/CVERecord?id=CVE-2022-41611 CVE-2022-41611]
|Arbitrary HTML injection through personal menu items
|Arbitrary HTML injection through main navigation
|-
|-
|[[Security:Security Advisories/BSSA-2022-08|BSSA-2022-08]]
|[[Security:Security Advisories/BSSA-2022-02|BSSA-2022-02]]
|2022-11-15
|2022-11-15
|XSS attack vector on regular pages
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-3895 CVE-2022-3895]
|[https://www.cve.org/CVERecord?id=CVE-2022-2511 CVE-2022-2511]
|Arbitrary HTML injection through use of interface elements
|Arbitrary HTML injection through the 'title' parameter
|-
|-
|[[Security:Security Advisories/BSSA-2023-01|BSSA-2023-01]]
|[[Security:Security Advisories/BSSA-2022-01|BSSA-2022-01]]
|2023-07-25
|2022-01-31
|Ghostscript vulnerability
|XSS attack vector in Search Center
|[https://www.cve.org/CVERecord?id=CVE-2023-36664 CVE-2023-36664]
|[https://www.cve.org/CVERecord?id=CVE-2022-2510 CVE-2022-2510]
|Code can be executed on the server via a manipulated PDF
|JavaScript in search field is reflected back to the browser.
|}
|}

Latest revision as of 16:09, 27 July 2023

Release name Release date Title References Summary
BSSA-2023-01 2023-07-25 Ghostscript vulnerability CVE-2023-36664 Code can be executed on the server via a manipulated PDF
BSSA-2022-08 2022-11-15 XSS attack vector on regular pages CVE-2022-3895 Arbitrary HTML injection through use of interface elements
BSSA-2022-07 2022-11-15 XSS attack vector on regular pages CVE-2022-3958 Arbitrary HTML injection through personal menu items
BSSA-2022-06 2022-11-15 XSS attack vector on regular pages CVE-2022-3893 Arbitrary HTML injection through the custom menu
BSSA-2022-05 2022-11-15 XSS attack vector on regular pages CVE-2022-42001 Arbitrary HTML injection through the book navigation
BSSA-2022-04 2022-11-15 XSS attack vector on regular pages CVE-2022-41789, CVE-2022-41814, CVE-2022-42000 Arbitrary HTML injection through user preferences
BSSA-2022-03 2022-11-15 XSS attack vector on regular pages CVE-2022-41611 Arbitrary HTML injection through main navigation
BSSA-2022-02 2022-11-15 XSS attack vector on regular pages CVE-2022-2511 Arbitrary HTML injection through the 'title' parameter
BSSA-2022-01 2022-01-31 XSS attack vector in Search Center CVE-2022-2510 JavaScript in search field is reflected back to the browser.