CVE-2022-3958

Potential XSS on personal menu navigation

CVSS 3.3 LOWEPSS 0.3%CWE-79

Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Hallo Welt! GmbH · BlueSpice

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-07