CVE-2022-3958

Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
HWCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
halloweltbluespice
4.1.0 ≤
𝑥
< 4.2.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-07
https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-07