(Difference between pages)
No edit summary |
No edit summary Tag: 2017 source edit |
||
| Line 1: | Line 1: | ||
{{Featurepage|featured=true|featuredesc=Patch Release 4.1.3 contains an important security fix for a “reflected XSS” attack. <span class="bi bi-exclamation-circle-fill" style="color:orange"></span>|featurestart=04/25/2022}} | |||
==Event== | |||
XSS attack vector in ''mwstake/mediawiki-component-commonuserinterface.'' | |||
== Evaluation of the vulnerability in BlueSpice == | |||
The value from 'title' parameter get's unsanitized to the output (e.g. in 'list-group-item'). | |||
[[Setup:Release Notes#4.1.3|Patch release 4.1.3]] contains an important security-fix for a “reflected XSS” attack. | |||
The [Security:Security_Advisories/BSSA-2022-01 corresponding CVE entry] is still pending and will be published soon. It is highly recommended that all users update their installation of BlueSpice 4 as soon as possible. | |||
[[de:Meldung/XSS attack]] | |||
[[en:{{FULLPAGENAME}}]] | |||
Revision as of 17:53, 25 April 2022
Event
XSS attack vector in mwstake/mediawiki-component-commonuserinterface.
Evaluation of the vulnerability in BlueSpice
The value from 'title' parameter get's unsanitized to the output (e.g. in 'list-group-item').
Patch release 4.1.3 contains an important security-fix for a “reflected XSS” attack.
The [Security:Security_Advisories/BSSA-2022-01 corresponding CVE entry] is still pending and will be published soon. It is highly recommended that all users update their installation of BlueSpice 4 as soon as possible.
File history
Click on a date/time to view the file as it appeared at that time.
| Date/Time | Thumbnail | Dimensions | User | Comment | |
|---|---|---|---|---|---|
| current | 11:54, 4 April 2022 |  | 1,556 × 814 (65 KB) | Margit Link-Rodrigue (talk | contribs) |
You cannot overwrite this file.
File usage
The following page uses this file:
Discussions