(Created page with "{| class="wikitable" |+ ! ! |- |Date |2022-11-08 |- |Severity |Medium |- |Affected |BlueSpice 4.x |- |Fixed in |BlueSpice 4.2.1 |- |CVE | * [https://www.cve.org/CVERecord?id=C...") Tag: 2017 source edit |
(No difference)
|
Revision as of 17:16, 11 November 2022
Date | 2022-11-08 |
Severity | Medium |
Affected | BlueSpice 4.x |
Fixed in | BlueSpice 4.2.1 |
CVE |
Problem
Users with admin rights are able to inject arbitrary HTML (XSS) into several locations in the main interface by editing their user preferences.
Solution
Upgrade to BlueSpice 4.2.1
Acknowledgements
Found during an internal security audit.