BSSA-2022-04

Revision as of 09:10, 15 November 2022 by Mglaser
Date 2022-11-15
Severity Low
Affected BlueSpice 4.x
Fixed in BlueSpice 4.2.1
CVE

Problem

Logged-in users are able to inject arbitrary HTML (XSS) into several locations in the main interface by editing their user preferences.

Solution

Upgrade to BlueSpice 4.2.1

Acknowledgements

Found during an internal security audit.