CVE-2022-3958

🗓️ 15 Nov 2022 15:13:15Reported by HWType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 31 Views

Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks

Reporter	Title	Published	Views	Family All 3
Prion	Cross site scripting	15 Nov 202215:15	–	prion
Cvelist	CVE-2022-3958 Potential XSS on personal menu navigation	15 Nov 202214:24	–	cvelist
NVD	CVE-2022-3958	15 Nov 202215:15	–	nvd

Nvd

Node

hallowelt bluespiceRange4.1.0–4.2.1

[
  {
    "vendor": "Hallo Welt! GmbH",
    "product": "BlueSpice",
    "versions": [
      {
        "version": "4",
        "status": "affected",
        "lessThan": "4.2.1",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
en	www.en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-07

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Nov 2022 15:15Current

4.5Medium risk

Vulners AI Score4.5

CVSS33.3 - 5.4

EPSS0.00054

CWE-79