Date 2022-11-15
Severity Medium
Affected
  • BlueSpice 4.x
  • Common User Interface 3.0.x
Fixed in
  • BlueSpice 4.2.1
  • Common User Interface 3.0.5
CVE CVE-2022-3895

Problem

Some UI elements of the Common User Interface component do not properly sanitize their output and can therefore be made to output arbitrary HTML (XSS).

Solution

Upgrade to Common User Interface 3.0.5 or later. This is included in BlueSpice 4.2.1 or later.

Acknowledgements

Found during an internal security audit.
