Arbitrary HTML Injection in BlueSpiceUserSidebar Extension: Targeted XSS Vulnerability
CVE-2022-3958 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks.
Learn more about our User Device Pen Test.