Lucene search

HWCVELIST:CVE-2022-42001

HistoryNov 15, 2022 - 2:24 p.m.

CVE-2022-42001 Potential XSS in book navigation

2022-11-1514:24:50

CWE-79

www.cve.org

cve-2022-42001

xss

vulnerability

bluespice

bookshelf

extension

injection

html

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.

CNA Affected

[
  {
    "vendor": "Hallo Welt! GmbH",
    "product": "BlueSpice",
    "versions": [
      {
        "version": "4",
        "status": "affected",
        "lessThan": "4.2.1",
        "versionType": "custom"
      }
    ]
  }
]

References

en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-05

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2022-42001