CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS).

Date

2022-11-15

Severity

Medium

Affected

*   BlueSpice 4.x
*   Common User Interface 3.0.x

Fixed in

*   BlueSpice 4.2.1
*   Common User Interface 3.0.5

CVE

CVE-2022-3895

**Problem\[edit | edit source\]**

Some UI elements of the Common user interface component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS).

**Solution\[edit | edit source\]**

Upgrade to Common User Interface 3.0.5 or later. This is included in BlueSpice 4.2.1 or later.

**Acknowledgements\[edit | edit source\]**

Found during an internal security audit.

Headline

CVE-2022-3895: Security:Security Advisories/BSSA-2022-08 - BlueSpice Wiki

CVE: Latest News