Description
Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.
Published: 2022-11-15
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

Upgrade to BlueSpice 4.2.1 or later

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-45104 Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.
History

Tue, 29 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Hallowelt Bluespice
cve-icon MITRE

Status: PUBLISHED

Assigner: HW

Published:

Updated: 2025-04-29T15:51:06.904Z

Reserved: 2022-10-07T00:00:00.000Z

Link: CVE-2022-42001

cve-icon Vulnrichment

Updated: 2024-08-03T12:56:39.262Z

cve-icon NVD

Status : Modified

Published: 2022-11-15T15:15:18.243

Modified: 2024-11-21T07:24:14.807

Link: CVE-2022-42001

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses