Lucene search

HWCVELIST:CVE-2022-41814

HistoryNov 15, 2022 - 2:24 p.m.

CVE-2022-41814 Potential XSS in history view

2022-11-1514:24:50

CWE-79

www.cve.org

cve-2022-41814

cross-site scripting

bluespicefoundation

history view

wikipage

edit permissions

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.

CNA Affected

[
  {
    "vendor": "Hallo Welt! GmbH",
    "product": "BlueSpice",
    "versions": [
      {
        "version": "4",
        "status": "affected",
        "lessThan": "4.2.1",
        "versionType": "custom"
      }
    ]
  }
]

References

en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2022-41814