(Created page with "{| class="wikitable" |+ ! ! |- |Date |2022-01-31 |- |Severity |Medium |- |Affected |BlueSpice 4.x |- |Fixed in |BlueSpice 4.1.2 |} == Problem == Users are able to inject arbi...") |
(No difference)
|
Revision as of 12:54, 24 March 2022
Date | 2022-01-31 |
Severity | Medium |
Affected | BlueSpice 4.x |
Fixed in | BlueSpice 4.1.2 |
Problem
Users are able to inject arbitrary HTML (XSS) on Special:SearchCenter, using the search term. This can be triggered via URL.
Solution
Upgrade to BlueSpice 4.1.2
Acknowledgements
Special thanks to the security team of an undisclosed customer