Difference between revisions of "Security:Security Advisories/BSSA-2022-02"

[quality revision][quality revision]
m ((username removed) (log details removed))
Tag: 2017 source edit
Line 15: Line 15:
|Fixed in
|Fixed in
|[https://www.cve.org/CVERecord?id=CVE-2022-2511 CVE-2022-2511]

Latest revision as of 21:59, 22 July 2022

Date 2022-04-25
Severity Medium
Affected BlueSpice 4.x
Fixed in 4.1.3
CVE CVE-2022-2511

Problem[edit | edit source]

Users are able to inject arbitrary HTML (XSS) on regular pages, using a special value for the title parameter. This can be triggered via URL.

Solution[edit | edit source]

Upgrade to BlueSpice 4.1.3

Acknowledgements[edit | edit source]

Special thanks to the security team of an undisclosed customer

No categories assignedEdit