Arbitrary HTML Injection in BlueSpiceCustomMenu Extension: Cross-Site Scripting (XSS) Vulnerability

Arbitrary HTML Injection in BlueSpiceCustomMenu Extension: Cross-Site Scripting (XSS) Vulnerability

CVE-2022-3893 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application.

Learn more about our User Device Pen Test.