Latest revision as of 12:45, 5 July 2024
Date | 2023-10-30 |
Severity | Low |
Affected | |
Fixed in | |
CVE | CVE-2023-42431 |
Problem
When setting the avatar profile image, a user can trigger cross-site scripting (XSS) by inserting a modified URL in the dialog. The issue occurs only in the dialog itself and only in the context of the user who applied the change.
Solution
- BlueSpice 4: Update to version 4.3.3
- BlueSpice 3: Update Extension:BlueSpiceAvatars to version 3.2.10.1
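
For teams that maintain their own dialogs accepting an image URL, the following added example shows one way to validate such a URL before it is rendered in a preview. It is not BlueSpice code and not the actual fix, whose details this advisory does not give; the function names, the http/https allow-list and the image-extension policy are assumptions.

```javascript
// Added example, not BlueSpice code. All names and policies here are hypothetical.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);
const IMAGE_PATH = /\.(png|jpe?g|gif|webp)$/i; // assumed policy: path must end in an image extension

// Returns the normalized absolute URL, or null when the input must be rejected.
function validateAvatarUrl(input) {
  if (typeof input !== 'string' || input.length > 2048) return null;
  const candidate = input.trim();
  // The URL parser silently drops tabs and newlines, so refuse any
  // whitespace or control character instead of letting it be normalized away.
  if (/[\u0000-\u0020\u007f]/.test(candidate)) return null;
  let url;
  try {
    url = new URL(candidate); // no base: relative and scheme-relative input throws
  } catch {
    return null;
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null; // javascript:, data:, etc.
  if (url.username || url.password) return null;       // no embedded credentials
  if (!IMAGE_PATH.test(url.pathname)) return null;
  return url.href; // parser output: quotes in path and query are percent-encoded
}

// Defence in depth: encode characters that could end an HTML attribute value.
function escapeAttr(value) {
  return value.replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Builds the preview markup only from a validated, attribute-escaped URL.
function avatarPreviewHtml(input) {
  const safe = validateAvatarUrl(input);
  if (safe === null) {
    return '<span class="avatar-error">Invalid image URL</span>';
  }
  return `<img class="avatar-preview" src="${escapeAttr(safe)}" alt="">`;
}
```

In a browser, assigning the validated value to `img.src` through the DOM avoids string-built markup altogether.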
Acknowledgements
Special thanks to the security team of an undisclosed customer.