Revision as of 11:54, 24 March 2022
Date | 2022-01-31
Severity | Medium
Affected | BlueSpice 4.x
Fixed in | BlueSpice 4.1.2
Problem
Users are able to inject arbitrary HTML (XSS) on Special:SearchCenter, using the search term. This can be triggered via URL.
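Because the issue is reachable through the URL, web server access logs can be checked for past requests that carried markup in a Special:SearchCenter query. The following is an added example, not part of the advisory or of BlueSpice: it assumes combined-format access logs, the sample log lines and the `q` parameter name in them are constructed, and the check itself inspects every query parameter rather than relying on a name.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request part of a combined-format access log line: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Start of an HTML tag, closing tag or comment/doctype: <b, </div, <!--
TAG_RE = re.compile(r'<[/!]?[A-Za-z]')

# Constructed sample lines (documentation IP ranges, assumed parameter name "q").
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Jan/2022:10:01:02 +0000] "GET /wiki/Special:SearchCenter?q=release+notes HTTP/1.1" 200 5120',
    '203.0.113.9 - - [20/Jan/2022:10:03:44 +0000] "GET /wiki/Special:SearchCenter?q=%3Cb%3Ehello%3C%2Fb%3E HTTP/1.1" 200 5310',
    '198.51.100.4 - - [20/Jan/2022:10:05:10 +0000] "GET /index.php?title=Special:SearchCenter&q=%253Ci%253Ex HTTP/1.1" 200 5290',
    '198.51.100.4 - - [20/Jan/2022:10:06:00 +0000] "GET /wiki/Main_Page?x=%3Cb%3E HTTP/1.1" 200 900',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_search_requests(log_lines):
    """Return (line_no, param, decoded_value) for SearchCenter requests carrying HTML markup."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        pairs = parse_qsl(target.query, keep_blank_values=True)
        # The page can be addressed by path (/wiki/Special:SearchCenter)
        # or through the title= parameter of index.php.
        page = fully_decode(target.path) + " " + dict(pairs).get("title", "")
        if "special:searchcenter" not in page.lower():
            continue
        for name, value in pairs:
            value = fully_decode(value)
            if TAG_RE.search(value):
                hits.append((line_no, name, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_search_requests(SAMPLE_LOG):
        print(hit)
```

Localized namespace aliases for the special page are not matched; add them to the page check if the wiki uses a non-English content language.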
Solution
Upgrade to BlueSpice 4.1.2.
Acknowledgements
Special thanks to the security team of an undisclosed customer.