Security:Security Advisories/BSSA-2023-02: Difference between revisions

No edit summary
No edit summary
Tag: 2017 source edit
 
Line 1: Line 1:
{{Featurepage|featured=true|featuredesc=Current Security Advisory: BSSA-2023-01|featurestart=07/26/2023}}
{{Featurepage|featured=false|featuredesc=Current Security Advisory: BSSA-2023-01|featurestart=07/26/2023}}
{| class="wikitable"
{| class="wikitable"
|+
|+
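Review bot: on line 1, featuredesc reads "Current Security Advisory: BSSA-2023-01" in both revisions, while this page is BSSA-2023-02. The new revision only changes featured=true to featured=false, so the stale description stays in the page source. Either correct featuredesc to BSSA-2023-02 or drop the parameters that no longer apply once the page is unfeatured. featurestart=07/26/2023 also predates the advisory date of 2023-10-30 given in the table, which suggests the whole template line was copied from the earlier advisory.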

Latest revision as of 12:45, 5 July 2024

Date: 2023-10-30
Severity: Low
Affected:
  • BlueSpiceAvatars
Fixed in:
  • BlueSpiceAvatars 4.3.3
  • BlueSpiceAvatars 3.2.10.1
CVE: CVE-2023-42431

Problem

When setting the avatar profile image, one can cause an XSS attack by inserting a modified URL in the dialog. The issue only occurs in the dialog itself and only in the context of the user that applied the change.

Solution

  • BlueSpice 4: Update to version 4.3.3
  • BlueSpice 3: Update Extension:BlueSpiceAvatars to version 3.2.10.1
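
For code that accepts an avatar image URL in a dialog, the class of issue described under Problem is prevented by validating the URL and escaping it before it reaches markup. The following is an added example, not BlueSpiceAvatars code (the advisory does not publish the affected code); the function names, the http/https allowlist and the sample inputs are assumptions made for illustration.

```javascript
// Added illustration; not taken from BlueSpiceAvatars. All names are hypothetical.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

// Returns a normalized absolute URL string, or null if the input is rejected.
function safeAvatarUrl(input) {
  if (typeof input !== 'string') return null;
  // Reject control characters: the URL parser silently strips tab and
  // newline, which would otherwise hide a scheme such as "java\tscript:".
  if (/[\u0000-\u001f\u007f]/.test(input)) return null;
  let url;
  try {
    url = new URL(input.trim()); // no base given, so relative input throws
  } catch (e) {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // javascript:, data:, ...
  if (url.username || url.password) return null;       // no embedded credentials
  return url.href;
}

// Escapes the characters that can end an attribute value or open a tag.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Builds the preview markup shown in the dialog from untrusted input.
function renderAvatarPreview(input) {
  const href = safeAvatarUrl(input);
  if (href === null) return '<span class="avatar-error">Invalid image URL</span>';
  return '<img class="avatar-preview" alt="" src="' + escapeHtml(href) + '">';
}

// Constructed sample inputs (not from the advisory).
const SAMPLES = [
  'https://wiki.example/images/a.png',
  'JavaScript:alert(1)',
  'java\tscript:alert(1)',
  'https://wiki.example/a.png" onerror="x',
];

// Returns [input, accepted-or-null] pairs for the samples above.
function checkSamples() {
  return SAMPLES.map((s) => [s, safeAvatarUrl(s)]);
}
```

In browser code, assigning the validated value to the `src` property of an image element through the DOM avoids building markup from strings at all.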

Acknowledgements

Special thanks to the security team of an undisclosed customer.