BSSA-2022-08

Revision as of 17:12, 11 November 2022 by Mglaser
Date: 2022-11-08
Severity: Medium
Affected:
  • BlueSpice 4.x
  • Common User Interface 3.0.x
Fixed in:
  • BlueSpice 4.2.1
  • Common User Interface 3.0.5
CVE: CVE-2022-3895

Problem

Some UI elements of the Common User Interface component do not properly sanitize their output and are therefore prone to emitting arbitrary HTML (XSS).

Solution

Upgrade to Common User Interface 3.0.5 or later. This is included in BlueSpice 4.2.1 or later.

Acknowledgements

Found during an internal security audit.