Security:Security Advisories/BSSA-2022-02

Latest revision as of 21:59, 22 July 2022

Date 2022-04-25
Severity Medium
Affected BlueSpice 4.x
Fixed in 4.1.3
CVE CVE-2022-2511

Problem

Users are able to inject arbitrary HTML (XSS) on regular pages, using a special value for the title parameter. This can be triggered via URL.

Solution

Upgrade to BlueSpice 4.1.3

Acknowledgements

Special thanks to the security team of an undisclosed customer
