You are viewing an old version of this page. Return to the latest version.

Last edited one year ago
by Mglaser

BSSA-2022-01

Revision as of 16:33, 24 March 2022 by Mglaser (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)



Date	2022-01-31
Severity	Medium
Affected	BlueSpice 3.x, BlueSpice 4.x
Fixed in	BlueSpice 3.2.9, BlueSpice 4.1.1

1. Problem

Users are able to inject arbitrary HTML (XSS) on Special:SearchCenter, using the search term. This can be triggered via URL.

2. Solution

Upgrade to BlueSpice 4.1.1

3. Acknowledgements

Special thanks to the security team of an undisclosed customer

Retrieved from "https://en.wiki.bluespice.com/w/index.php?title=Security:Security_Advisories/BSSA-2022-01&oldid=2983"

No categories assignedEdit