cvelistv5 - CVE-2022-41789

CVE-2022-41789 (GCVE-0-2022-41789)

Vulnerability from cvelistv5 – Published: 2022-11-15 14:24 – Updated: 2025-04-29 20:08

Summary

Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-79 - Cross-site Scripting (XSS)

Assigner

References

URL

Tags

https://en.wiki.bluespice.com/wiki/Security:Secur…

Impacted products

	Vendor	Product	Version
	Hallo Welt! GmbH	BlueSpice	Affected: 4 , < 4.2.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:43.793Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41789",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-29T20:08:50.836561Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-29T20:08:57.304Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BlueSpice",
          "vendor": "Hallo Welt! GmbH",
          "versions": [
            {
              "lessThan": "4.2.1",
              "status": "affected",
              "version": "4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-11-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-15T00:00:00.000Z",
        "orgId": "ff95705b-1a40-4639-8017-a58fa868baee",
        "shortName": "HW"
      },
      "references": [
        {
          "url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to BlueSpice 4.2.1 or later"
        }
      ],
      "source": {
        "advisory": "BSSA-2022-04",
        "discovery": "INTERNAL"
      },
      "title": "Potential XSS on default page header",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ff95705b-1a40-4639-8017-a58fa868baee",
    "assignerShortName": "HW",
    "cveId": "CVE-2022-41789",
    "datePublished": "2022-11-15T14:24:50.166Z",
    "dateReserved": "2022-10-07T00:00:00.000Z",
    "dateUpdated": "2025-04-29T20:08:57.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:hallowelt:bluespice:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1.0\", \"versionEndExcluding\": \"4.2.1\", \"matchCriteriaId\": \"696F93D5-AB35-4EA3-AEDB-9C868E94ED6D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de Cross-Site Scripting (XSS) en BlueSpiceDiscovery skin de BlueSpice permite que un usuario que haya iniciado sesi\\u00f3n con permisos de edici\\u00f3n inyecte HTML arbitrario en el encabezado de p\\u00e1gina predeterminado de una p\\u00e1gina wiki.\"}]",
      "id": "CVE-2022-41789",
      "lastModified": "2024-11-21T07:23:50.913",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@bluespice.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
      "published": "2022-11-15T15:15:14.957",
      "references": "[{\"url\": \"https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04\", \"source\": \"security@bluespice.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@bluespice.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@bluespice.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41789\",\"sourceIdentifier\":\"security@bluespice.com\",\"published\":\"2022-11-15T15:15:14.957\",\"lastModified\":\"2024-11-21T07:23:50.913\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de Cross-Site Scripting (XSS) en BlueSpiceDiscovery skin de BlueSpice permite que un usuario que haya iniciado sesi\u00f3n con permisos de edici\u00f3n inyecte HTML arbitrario en el encabezado de p\u00e1gina predeterminado de una p\u00e1gina wiki.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@bluespice.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security@bluespice.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hallowelt:bluespice:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndExcluding\":\"4.2.1\",\"matchCriteriaId\":\"696F93D5-AB35-4EA3-AEDB-9C868E94ED6D\"}]}]}],\"references\":[{\"url\":\"https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04\",\"source\":\"security@bluespice.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:49:43.793Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41789\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-29T20:08:50.836561Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-29T20:08:53.712Z\"}}], \"cna\": {\"title\": \"Potential XSS on default page header\", \"source\": {\"advisory\": \"BSSA-2022-04\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Hallo Welt! GmbH\", \"product\": \"BlueSpice\", \"versions\": [{\"status\": \"affected\", \"version\": \"4\", \"lessThan\": \"4.2.1\", \"versionType\": \"custom\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to BlueSpice 4.2.1 or later\"}], \"datePublic\": \"2022-11-15T00:00:00.000Z\", \"references\": [{\"url\": \"https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Cross-site Scripting (XSS)\"}]}], \"providerMetadata\": {\"orgId\": \"ff95705b-1a40-4639-8017-a58fa868baee\", \"shortName\": \"HW\", \"dateUpdated\": \"2022-11-15T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-41789\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-29T20:08:57.304Z\", \"dateReserved\": \"2022-10-07T00:00:00.000Z\", \"assignerOrgId\": \"ff95705b-1a40-4639-8017-a58fa868baee\", \"datePublished\": \"2022-11-15T14:24:50.166Z\", \"assignerShortName\": \"HW\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-FQ8V-GXM4-M5GV

Vulnerability from github – Published: 2022-11-15 19:00 – Updated: 2022-11-17 03:30

Details

Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.

Severity ?

5.4 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-41789"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.",
  "id": "GHSA-fq8v-gxm4-m5gv",
  "modified": "2022-11-17T03:30:52Z",
  "published": "2022-11-15T19:00:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41789"
    },
    {
      "type": "WEB",
      "url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-41789

Vulnerability from fkie_nvd - Published: 2022-11-15 15:15 - Updated: 2024-11-21 07:23

Severity ?

3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.

References

	URL	Tags
	security@bluespice.com	https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04	Vendor Advisory

Impacted products

	Vendor	Product	Version
	hallowelt	bluespice	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hallowelt:bluespice:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "696F93D5-AB35-4EA3-AEDB-9C868E94ED6D",
              "versionEndExcluding": "4.2.1",
              "versionStartIncluding": "4.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en BlueSpiceDiscovery skin de BlueSpice permite que un usuario que haya iniciado sesi\u00f3n con permisos de edici\u00f3n inyecte HTML arbitrario en el encabezado de p\u00e1gina predeterminado de una p\u00e1gina wiki."
    }
  ],
  "id": "CVE-2022-41789",
  "lastModified": "2024-11-21T07:23:50.913",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "security@bluespice.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-15T15:15:14.957",
  "references": [
    {
      "source": "security@bluespice.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04"
    }
  ],
  "sourceIdentifier": "security@bluespice.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security@bluespice.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-41789

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.

Aliases

CVE-2022-41789

Aliases

CVE-2022-41789

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41789",
    "id": "GSD-2022-41789"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-41789"
      ],
      "details": "Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.",
      "id": "GSD-2022-41789",
      "modified": "2023-12-13T01:19:32.974433Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@bluespice.com",
        "DATE_PUBLIC": "2022-11-15T09:00:00.000Z",
        "ID": "CVE-2022-41789",
        "STATE": "PUBLIC",
        "TITLE": "Potential XSS on default page header"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BlueSpice",
                    "version": {
                      "version_data": [
                        {
                          "platform": "",
                          "version_affected": "\u003c",
                          "version_name": "4",
                          "version_value": "4.2.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Hallo Welt! GmbH"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-79 Cross-site Scripting (XSS)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04",
            "refsource": "CONFIRM",
            "url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Upgrade to BlueSpice 4.2.1 or later"
        }
      ],
      "source": {
        "advisory": "BSSA-2022-04",
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hallowelt:bluespice:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.1",
                "versionStartIncluding": "4.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@bluespice.com",
          "ID": "CVE-2022-41789"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2022-11-16T19:42Z",
      "publishedDate": "2022-11-15T15:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-41789 (GCVE-0-2022-41789)

GHSA-FQ8V-GXM4-M5GV

FKIE_CVE-2022-41789

GSD-2022-41789

Tags

Sightings

Nomenclature