BSSA-2022-01

Date 2022-01-31
Severity Medium
Affected BlueSpice 3.x, BlueSpice 4.x
Fixed in BlueSpice 3.2.9, BlueSpice 4.1.1
CVE CVE-2022-2510

1. Problem

Users are able to inject arbitrary HTML (XSS) on Special:SearchCenter, using the search term. This can be triggered via URL.

2. Solution

Upgrade to BlueSpice 4.1.1

3. Acknowledgements

Special thanks to the security team of an undisclosed customer

Retrieved from "https://en.wiki.bluespice.com/w/index.php?title=Security:Security_Advisories/BSSA-2022-01&oldid=3911"
No categories assignedEdit

Discussions