(Difference between pages)
(Created page with "{| class="wikitable" |+ ! ! |- |Date |2022-11-08 |- |Severity |Medium |- |Affected | * BlueSpice 4.x * Common User Interface 3.0.x |- |Fixed in | * BlueSpice 4.2.1 * Common Us...") Tag: 2017 source edit |
No edit summary Tag: 2017 source edit |
||
Line 1: | Line 1: | ||
{| class="wikitable" | {| class="wikitable" style="" | ||
|+ | |+ | ||
! | ! | ||
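Review bot: the `style=""` attribute added to the table opener at Line 1 is empty and has no effect on the rendered table. Drop it, or set the style it was meant to carry.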
Line 5: | Line 5: | ||
|- | |- | ||
|Date | |Date | ||
|2022-11- | |2022-11-15 | ||
|- | |- | ||
|Severity | |Severity | ||
| | |Low | ||
|- | |- | ||
|Affected | |Affected | ||
| | |BlueSpice 4.x | ||
|- | |- | ||
|Fixed in | |Fixed in | ||
| | |BlueSpice 4.2.1 | ||
|- | |- | ||
|CVE | |CVE | ||
|[https://www.cve.org/CVERecord?id=CVE-2022- | | | ||
* [https://www.cve.org/CVERecord?id=CVE-2022-41789 CVE-2022-41789] | |||
* [https://www.cve.org/CVERecord?id=CVE-2022-41814 CVE-2022-41814] | |||
* [https://www.cve.org/CVERecord?id=CVE-2022-42000 CVE-2022-42000] | |||
|} | |} | ||
== Problem == | == Problem == | ||
Logged in users are able to inject arbitrary HTML (XSS) into several locations in the main interface by editing their user preferences. | |||
== Solution == | == Solution == | ||
Upgrade to | Upgrade to BlueSpice 4.2.1 | ||
== Acknowledgements == | == Acknowledgements == | ||
Found during an internal security audit. | Found during an internal security audit. |
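Review bot: in the Severity, Affected and Fixed in rows, the new revision reads Low and lists only BlueSpice 4.x and BlueSpice 4.2.1, while the page-creation summary shown above this diff has Severity Medium and also lists Common User Interface 3.0.x as affected, and this edit carries no summary. Record in the edit summary or on the page why the rating was lowered and why Common User Interface was removed, so that readers of the earlier revision can tell whether that component still needs an upgrade. The Problem text says "several locations" and the CVE row now lists three identifiers; stating which CVE covers which location would make the advisory easier to act on.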
Latest revision as of 09:10, 15 November 2022
Date | 2022-11-15 |
Severity | Low |
Affected | BlueSpice 4.x |
Fixed in | BlueSpice 4.2.1 |
CVE | CVE-2022-41789, CVE-2022-41814, CVE-2022-42000 |
Problem
Logged-in users are able to inject arbitrary HTML (XSS) into several locations in the main interface by editing their user preferences.
Solution
Upgrade to BlueSpice 4.2.1
Acknowledgements
Found during an internal security audit.