You are viewing an old version of this page. Return to the latest version.

Last edited 3 years ago
by Mglaser

BSSA-2022-01

Revision as of 16:23, 25 April 2022 by Margit Link-Rodrigue (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)



Date	2022-04-25
Severity	Medium
Affected	BlueSpice 4.x
Fixed in	4.1.3

Problem

Users are able to inject arbitrary HTML (XSS) on regular pages, using a special value for the <code>title</code> parameter. This can be triggered via URL.

Solution

Upgrade to BlueSpice 4.1.3

Acknowledgements

Special thanks to the security team of an undisclosed customer

Retrieved from "https://en.wiki4.bluespice.com/w/index.php?title=Security:Security_Advisories/BSSA-2022-01&oldid=3309"