Last edited 4 days ago
by Margit Link-Rodrigue

Security:Security Advisories: Difference between revisions

VisualWikitext
No edit summary
Tag: 2017 source edit
Tags: Replaced 2017 source edit
 
Line 1: Line 1:
{| class="wikitable sortable" style="width:100%;"
[[en5:Security:Security_Advisories|The list of security advisories is located on the BlueSpice 5 helpdesk.]]
!Release name
!Release date
!Title
!References
!Summary
|-
|[[Security:Security Advisories/BSSA-2025-02|BSSA-2025-02]]
|2025-04-17
|Security vulnerabilities in Extension:OAuth
|[https://www.cve.org/CVERecord?id=CVE-2025-32068 CVE-2025-32068], [https://www.cve.org/CVERecord?id=CVE-2025-32074 CVE-2025-32074]
|Allows unauthorized access to the wiki, Cross-Site Scripting (XSS)
|-
|[[Security:Security Advisories/BSSA-2025-01|BSSA-2025-01]]
|2025-01-20
|Security vulnerabilities in Extension:DataTransfer
|[https://www.cve.org/CVERecord?id=CVE-2025-23081 CVE-2025-23081]
|Allows Cross Site Request Forgery, Cross-Site Scripting (XSS)
|-
|[[Security:Security Advisories/BSSA-2023-01|BSSA-2023-01]]
|2023-07-25
|Ghostscript vulnerability
|[https://www.cve.org/CVERecord?id=CVE-2023-36664 CVE-2023-36664]
|Code can be executed on the server via a manipulated PDF
|-
|[[Security:Security Advisories/BSSA-2022-08|BSSA-2022-08]]
|2022-11-15
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-3895 CVE-2022-3895]
|Arbitrary HTML injection through use of interface elements
|-
|[[Security:Security Advisories/BSSA-2022-07|BSSA-2022-07]]
|2022-11-15
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-3958 CVE-2022-3958]
|Arbitrary HTML injection through personal menu items
|-
|[[Security:Security Advisories/BSSA-2022-06|BSSA-2022-06]]
|2022-11-15
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-3893 CVE-2022-3893]
|Arbitrary HTML injection through the custom menu
|-
|[[Security:Security Advisories/BSSA-2022-05|BSSA-2022-05]]
|2022-11-15
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-42001 CVE-2022-42001]
|Arbitrary HTML injection through the book navigation
|-
|[[Security:Security Advisories/BSSA-2022-04|BSSA-2022-04]]
|2022-11-15
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-41789 CVE-2022-41789], [https://www.cve.org/CVERecord?id=CVE-2022-41814 CVE-2022-41814], [https://www.cve.org/CVERecord?id=CVE-2022-42000 CVE-2022-42000]
|Arbitrary HTML injection through user preferences
|-
|[[Security:Security Advisories/BSSA-2022-03|BSSA-2022-03]]
|2022-11-15
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-41611 CVE-2022-41611]
|Arbitrary HTML injection through main navigation
|-
|[[Security:Security Advisories/BSSA-2022-02|BSSA-2022-02]]
|2022-11-15
|XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-2511 CVE-2022-2511]
|Arbitrary HTML injection through the 'title' parameter
|-
|[[Security:Security Advisories/BSSA-2022-01|BSSA-2022-01]]
|2022-01-31
|XSS attack vector in Search Center
|[https://www.cve.org/CVERecord?id=CVE-2022-2510 CVE-2022-2510]
|JavaScript in search field is reflected back to the browser.
|}

Latest revision as of 14:57, 25 June 2025

The list of security advisories is located on the BlueSpice 5 helpdesk.

Retrieved from "https://en.wiki4.bluespice.com/w/index.php?title=Security:Security_Advisories&oldid=10696"