CVE-2022-41814 - Vulnerability Details - OpenCVE

Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hallowelt	Bluespice

Configuration 1 [-]

cpe:2.3:a:hallowelt:bluespice:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04

History

No history.

MITRE

Status: PUBLISHED

Assigner: HW

Published: 2022-11-15T14:24:50.408039Z

Updated: 2024-09-16T16:32:47.152Z

Reserved: 2022-10-07T00:00:00

Link: CVE-2022-41814

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-15T15:15:16.007

Modified: 2024-11-21T07:23:53.390

Link: CVE-2022-41814

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hallowelt:bluespice:*:*:*:*:*:*:*:*", "matchCriteriaId": "696F93D5-AB35-4EA3-AEDB-9C868E94ED6D", "versionEndExcluding": "4.2.1", "versionStartIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en la extensi\u00f3n BlueSpiceFoundation de BlueSpice permite a un usuario con cuenta normal y permisos de edici\u00f3n inyectar HTML arbitrario en la vista del historial de una p\u00e1gina wiki."}], "id": "CVE-2022-41814", "lastModified": "2024-11-21T07:23:53.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "security@bluespice.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-15T15:15:16.007", "references": [{"source": "security@bluespice.com", "tags": ["Vendor Advisory"], "url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04"}], "sourceIdentifier": "security@bluespice.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@bluespice.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}