Lucene search

HWCVELIST:CVE-2022-41611

HistoryNov 15, 2022 - 2:24 p.m.

CVE-2022-41611 Potential XSS on sidebar navigation

2022-11-1514:24:49

CWE-79

www.cve.org

cve-2022-41611

cross-site scripting

admin privileges

main navigation

bluespice

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application.

CNA Affected

[
  {
    "vendor": "Hallo Welt! GmbH",
    "product": "BlueSpice",
    "versions": [
      {
        "version": "4",
        "status": "affected",
        "lessThan": "4.2.1",
        "versionType": "custom"
      }
    ]
  }
]

References

en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-03

CVSS3

2.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2022-41611