Arbitrary HTML Injection in BlueSpiceDiscovery Skin of BlueSpice

Arbitrary HTML Injection in BlueSpiceDiscovery Skin of BlueSpice

CVE-2022-41611 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application.

Learn more about our User Device Pen Test.