Headline
CVE-2022-3958: Security:Security Advisories/BSSA-2022-07 - BlueSpice Wiki
A cross-site scripting (XSS) vulnerability in the BlueSpiceUserSidebar extension of BlueSpice allows a user with a regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks.
Date: 2022-11-15
Severity: Medium
Affected: BlueSpice 4.x
Fixed in: BlueSpice 4.2.1
CVE: CVE-2022-3958
Problem
Users with edit rights are able to inject arbitrary HTML (XSS) into a user’s personal navigation by editing a menu item. This allows for targeted attacks.
Solution
Upgrade to BlueSpice 4.2.1.
Acknowledgements
Found during an internal security audit.