Description

Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application.

Related CPE's

a

hallowelt

bluespice

Vulnerable

References

https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-03

Vendor Advisory

https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-03

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-79

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

2.3 · Low

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-15T14:15:14.117Z

3 years ago

Last modified

2024-11-21T06:23:29.430Z

1 year ago