You are viewing an old version of this page. Return to the latest version.

Last edited 2 years ago
by Mglaser

BSSA-2022-04

Revision as of 16:16, 11 November 2022 by Mglaser (talk | contribs) (Created page with "{| class="wikitable" |+ ! ! |- |Date |2022-11-08 |- |Severity |Medium |- |Affected |BlueSpice 4.x |- |Fixed in |BlueSpice 4.2.1 |- |CVE | * [https://www.cve.org/CVERecord?id=C...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)



Date	2022-11-08
Severity	Medium
Affected	BlueSpice 4.x
Fixed in	BlueSpice 4.2.1
CVE	CVE-2022-41789 CVE-2022-41789 CVE-2022-41789

Problem

Users with admin rights are able to inject arbitrary HTML (XSS) into several locations in the main interface by editing their user preferences.

Solution

Upgrade to BlueSpice 4.2.1

Acknowledgements

Found during an internal security audit.

Retrieved from "https://en.wiki.bluespice.com/w/index.php?title=Security:Security_Advisories/BSSA-2022-04&oldid=5218"