Last edited 2 years ago
by Mglaser

BSSA-2022-04



Date	2022-11-15
Severity	Low
Affected	BlueSpice 4.x
Fixed in	BlueSpice 4.2.1
CVE	CVE-2022-41789 CVE-2022-41814 CVE-2022-42000

Problem

Logged in users are able to inject arbitrary HTML (XSS) into several locations in the main interface by editing their user preferences.

Solution

Upgrade to BlueSpice 4.2.1

Acknowledgements

Found during an internal security audit.

Retrieved from "https://en.wiki.bluespice.com/w/index.php?title=Security:Security_Advisories/BSSA-2022-04&oldid=5230"