Security:Security Advisories/BSSA-2022-02 and SocialEntity:432: Difference between pages

(Created page with "{| class="wikitable" |+ ! ! |- |Date |2022-04-25 |- |Severity |Medium |- |Affected |BlueSpice 4.x |- |Fixed in |4.1.3 |} == Problem == Users are able to inject arbitrary HTML...")
Tag: 2017 source edit
 
No edit summary
 
Line 1: Line 1:
{| class="wikitable"
|+
!
!
|-
|Date
|2022-04-25
|-
|Severity
|Medium
|-
|Affected
|BlueSpice 4.x
|-
|Fixed in
|4.1.3
|}
 
== Problem ==
Users are able to inject arbitrary HTML (XSS) on regular pages, using a special value for the <nowiki><code>title</code></nowiki> parameter. This can be triggered via URL.
 
== Solution ==
Upgrade to BlueSpice 4.1.3
 
== Acknowledgements ==
Special thanks to the security team of an undisclosed customer

{
    "wikipageid": 2115,
    "namespace": 0,
    "titletext": "Reference:ImportOfficeFiles",
    "description": "",
    "parentid": 0,
    "id": 432,
    "ownerid": 6,
    "type": "wikipage",
    "archived": false,
    "tags": [
        "Reference:ImportOfficeFiles"
    ],
    "resolved": false
}

Latest revision as of 14:58, 26 July 2022
