Security:Security Advisories/BSSA-2022-04: Difference between revisions


Revision as of 17:16, 11 November 2022

Date: 2022-11-08
Severity: Medium
Affected: BlueSpice 4.x
Fixed in: BlueSpice 4.2.1
CVE

Problem

Users with admin rights are able to inject arbitrary HTML (XSS) into several locations in the main interface by editing their user preferences.

Solution

Upgrade to BlueSpice 4.2.1

Acknowledgements

Found during an internal security audit.
