Arbitrary HTML Injection Vulnerability in BlueSpiceBookshelf Extension

Arbitrary HTML Injection Vulnerability in BlueSpiceBookshelf Extension

CVE-2022-42001 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.

Learn more about our User Device Pen Test.