BSSA-2022-02

Revision as of 20:59, 22 July 2022 by Mglaser (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Date 2022-04-25
Severity Medium
Affected BlueSpice 4.x
Fixed in 4.1.3
CVE CVE-2022-2511

Problem

Users are able to inject arbitrary HTML (XSS) on regular pages, using a special value for the title parameter. This can be triggered via URL.

Solution

Upgrade to BlueSpice 4.1.3

Acknowledgements

Special thanks to the security team of an undisclosed customer

Retrieved from "https://en.wiki.bluespice.com/w/index.php?title=Security:Security_Advisories/BSSA-2022-02&oldid=3912"