(Difference between pages)
No edit summary Tag: 2017 source edit |
No edit summary Tag: 2017 source edit |
||
Line 8: | Line 8: | ||
|- | |- | ||
|Severity | |Severity | ||
| | |Medium | ||
|- | |- | ||
|Affected | |Affected | ||
Line 17: | Line 17: | ||
|- | |- | ||
|CVE | |CVE | ||
|[https://www.cve.org/CVERecord?id=CVE-2022- | |[https://www.cve.org/CVERecord?id=CVE-2022-3958 CVE-2022-3958] | ||
|} | |} | ||
== Problem == | == Problem == | ||
Users with edit rights are able to inject arbitrary HTML (XSS) into | Users with edit rights are able to inject arbitrary HTML (XSS) into a user's personal navigation by editing a menu item. This allows for targeted attacks | ||
== Solution == | == Solution == |
Revision as of 16:57, 11 November 2022
Date | 2022-11-08 |
Severity | Medium |
Affected | BlueSpice 4.x |
Fixed in | BlueSpice 4.2.1 |
CVE | CVE-2022-3958 |
Problem
Users with edit rights are able to inject arbitrary HTML (XSS) into a user's personal navigation by editing a menu item. This allows for targeted attacks
Solution
Upgrade to BlueSpice 4.2.1
Acknowledgements
Found during an internal security audit.