Date | 2022-11-08 |
Severity | Medium |
Affected |
|
Fixed in |
|
CVE | CVE-2022-3895 |
Problem
Some UI elements of the Common user interface component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS).
Solution
Upgrade to Common User Interface 3.0.5 or later. This is included in BlueSpice 4.2.1 or later.
Acknowledgements
Found during an internal security audit.