{{Featurepage|featured=true|featuredesc=Patch Release 4.1.3 contains an important '''security fix''' for a “reflected XSS” attack. <span class="bi bi-exclamation-circle-fill" style="color:orange"></span>|featurestart=04/25/2022}}
==Event==
XSS attack vector in ''mwstake/mediawiki-component-commonuserinterface.''

== Evaluation of the vulnerability in BlueSpice ==
The value of the 'title' parameter is written to the output unsanitized (e.g. in 'list-group-item').

[[Setup:Release Notes#4.1.3|Patch release 4.1.3]] contains an important security fix for this attack.

The [[Security:Security_Advisories/BSSA-2022-02|corresponding CVE entry]] is still pending and will be published soon. It is highly recommended that all users update their installation of BlueSpice 4 as soon as possible.

[[de:Meldung/XSS attack]]
[[en:{{FULLPAGENAME}}]]