Описание
Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks.
Уязвимые конфигурации
Конфигурация 1Версия от 4.1.0 (включая) до 4.2.1 (исключая)
cpe:2.3:a:hallowelt:bluespice:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00298
Низкий
3.3 Low
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
около 3 лет назад
Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks.
EPSS
Процентиль: 53%
0.00298
Низкий
3.3 Low
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79