Date | 2022-11-15 |
Severity | Medium |
Affected |
|
Fixed in |
|
CVE | CVE-2022-3895 |
Problem
Some UI elements of the Common User Interface component do not properly sanitize their output and can therefore output arbitrary HTML (XSS).
Solution
Upgrade to Common User Interface 3.0.5 or later. This is included in BlueSpice 4.2.1 or later.
Acknowledgements
Found during an internal security audit.