| Date | 2022-11-15 |
| Severity | Medium |
| Affected | |
| Fixed in | |
| CVE | CVE-2022-3895 |
Problem
Some UI elements of the Common User Interface component do not properly sanitize their output and can therefore emit arbitrary HTML (XSS).
Solution
Upgrade to Common User Interface 3.0.5 or later. This is included in BlueSpice 4.2.1 or later.
Acknowledgements
Found during an internal security audit.