(Difference between pages)
No edit summary Tag: 2017 source edit |
(Created page with "{| class="wikitable" |+ ! ! |- |Date |2022-11-08 |- |Severity |Medium |- |Affected | * BlueSpice 4.x * Common User Interface 3.0.x |- |Fixed in | * BlueSpice 4.2.1 * Common Us...") Tag: 2017 source edit |
||
Line 11: | Line 11: | ||
|- | |- | ||
|Affected | |Affected | ||
|BlueSpice 4.x | | | ||
* BlueSpice 4.x | |||
* Common User Interface 3.0.x | |||
|- | |- | ||
|Fixed in | |Fixed in | ||
|BlueSpice 4.2.1 | | | ||
* BlueSpice 4.2.1 | |||
* Common User Interface 3.0.5 | |||
|- | |- | ||
|CVE | |CVE | ||
|[https://www.cve.org/CVERecord?id=CVE-2022- | |[https://www.cve.org/CVERecord?id=CVE-2022-3895 CVE-2022-3895] | ||
|} | |} | ||
== Problem == | == Problem == | ||
Some UI elements of the Common user interface component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). | |||
== Solution == | == Solution == | ||
Upgrade to BlueSpice 4.2.1 | Upgrade to Common User Interface 3.0.5 or later. This is included in BlueSpice 4.2.1 or later. | ||
== Acknowledgements == | == Acknowledgements == | ||
Found during an internal security audit. | Found during an internal security audit. |
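Review bot: the added Problem sentence ("are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS)") is ungrammatical and does not say which UI elements are affected or whether the unsanitized values are user-controlled, so a reader cannot judge exposure from the advisory alone. Suggest "do not properly sanitize output and are therefore prone to outputting arbitrary HTML (XSS)", and naming the affected elements if that can be disclosed. In the same sentence, "Common user interface" should be capitalized as "Common User Interface" to match the Affected and Fixed in rows.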
Revision as of 17:12, 11 November 2022
Date | 2022-11-08 |
Severity | Medium |
Affected | BlueSpice 4.x; Common User Interface 3.0.x |
Fixed in | BlueSpice 4.2.1; Common User Interface 3.0.5 |
CVE | CVE-2022-3895 |
Problem
Some UI elements of the Common User Interface component do not properly sanitize output and are therefore prone to outputting arbitrary HTML (XSS).
Solution
Upgrade to Common User Interface 3.0.5 or later. This is included in BlueSpice 4.2.1 or later.
Acknowledgements
Found during an internal security audit.