Security:Security Advisories: Difference between revisions

Redaktion (talk | contribs)
No edit summary
Tag: 2017 source edit
Redaktion (talk | contribs)
No edit summary
 
Line 1: Line 1:
{| class="wikitable sortable" style="width:100%;"
{| class="wikitable sortable" style="width:100%;"
!Release name
! style="" |Release name
!Release date
! style="" |Release date
!Title
! style="" |Title
!References
! style="" |References
!Summary
! style="" |Summary
|-
|-
|[[Security:Security Advisories/BSSA-2025-01|BSSA-2025-01]]
| style="" |[[Security:Security Advisories/BSSA-2025-02|BSSA-2025-02]]
|2025-01-20
| style="" |2025-04-17
|Security vulnerabilities in Extension:DataTransfer
| style="" |Security vulnerabilities in Extension:OAuth
|[https://www.cve.org/CVERecord?id=CVE-2025-23081 CVE-2025-23081]
| style="" |[https://www.cve.org/CVERecord?id=CVE-2025-32068 CVE-2025-32068], [https://www.cve.org/CVERecord?id=CVE-2025-32074 CVE-2025-32074]
|Allows Cross Site Request Forgery, Cross-Site Scripting (XSS)
| style="" |Allows unauthorized access to the wiki, Cross-Site Scripting (XSS)
|-
|-
|[[Security:Security Advisories/BSSA-2023-01|BSSA-2023-01]]
| style="" |[[Security:Security Advisories/BSSA-2025-01|BSSA-2025-01]]
|2023-07-25
| style="" |2025-01-20
|Ghostscript vulnerability
| style="" |Security vulnerabilities in Extension:DataTransfer
|[https://www.cve.org/CVERecord?id=CVE-2023-36664 CVE-2023-36664]
| style="" |[https://www.cve.org/CVERecord?id=CVE-2025-23081 CVE-2025-23081]
|Code can be executed on the server via a manipulated PDF
| style="" |Allows Cross Site Request Forgery, Cross-Site Scripting (XSS)
|-
|-
|[[Security:Security Advisories/BSSA-2022-08|BSSA-2022-08]]
| style="" |[[Security:Security Advisories/BSSA-2023-01|BSSA-2023-01]]
|2022-11-15
| style="" |2023-07-25
|XSS attack vector on regular pages
| style="" |Ghostscript vulnerability
|[https://www.cve.org/CVERecord?id=CVE-2022-3895 CVE-2022-3895]
| style="" |[https://www.cve.org/CVERecord?id=CVE-2023-36664 CVE-2023-36664]
|Arbitrary HTML injection through use of interface elements
| style="" |Code can be executed on the server via a manipulated PDF
|-
|-
|[[Security:Security Advisories/BSSA-2022-07|BSSA-2022-07]]
| style="" |[[Security:Security Advisories/BSSA-2022-08|BSSA-2022-08]]
|2022-11-15
| style="" |2022-11-15
|XSS attack vector on regular pages
| style="" |XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-3958 CVE-2022-3958]
| style="" |[https://www.cve.org/CVERecord?id=CVE-2022-3895 CVE-2022-3895]
|Arbitrary HTML injection through personal menu items
| style="" |Arbitrary HTML injection through use of interface elements
|-
|-
|[[Security:Security Advisories/BSSA-2022-06|BSSA-2022-06]]
| style="" |[[Security:Security Advisories/BSSA-2022-07|BSSA-2022-07]]
|2022-11-15
| style="" |2022-11-15
|XSS attack vector on regular pages
| style="" |XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-3893 CVE-2022-3893]
| style="" |[https://www.cve.org/CVERecord?id=CVE-2022-3958 CVE-2022-3958]
|Arbitrary HTML injection through the custom menu
| style="" |Arbitrary HTML injection through personal menu items
|-
|-
|[[Security:Security Advisories/BSSA-2022-05|BSSA-2022-05]]
| style="" |[[Security:Security Advisories/BSSA-2022-06|BSSA-2022-06]]
|2022-11-15
| style="" |2022-11-15
|XSS attack vector on regular pages
| style="" |XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-42001 CVE-2022-42001]
| style="" |[https://www.cve.org/CVERecord?id=CVE-2022-3893 CVE-2022-3893]
|Arbitrary HTML injection through the book navigation
| style="" |Arbitrary HTML injection through the custom menu
|-
|-
|[[Security:Security Advisories/BSSA-2022-04|BSSA-2022-04]]
| style="" |[[Security:Security Advisories/BSSA-2022-05|BSSA-2022-05]]
|2022-11-15
| style="" |2022-11-15
|XSS attack vector on regular pages
| style="" |XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-41789 CVE-2022-41789], [https://www.cve.org/CVERecord?id=CVE-2022-41814 CVE-2022-41814], [https://www.cve.org/CVERecord?id=CVE-2022-42000 CVE-2022-42000]
| style="" |[https://www.cve.org/CVERecord?id=CVE-2022-42001 CVE-2022-42001]
|Arbitrary HTML injection through user preferences
| style="" |Arbitrary HTML injection through the book navigation
|-
|-
|[[Security:Security Advisories/BSSA-2022-03|BSSA-2022-03]]
| style="" |[[Security:Security Advisories/BSSA-2022-04|BSSA-2022-04]]
|2022-11-15
| style="" |2022-11-15
|XSS attack vector on regular pages
| style="" |XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-41611 CVE-2022-41611]
| style="" |[https://www.cve.org/CVERecord?id=CVE-2022-41789 CVE-2022-41789], [https://www.cve.org/CVERecord?id=CVE-2022-41814 CVE-2022-41814], [https://www.cve.org/CVERecord?id=CVE-2022-42000 CVE-2022-42000]
|Arbitrary HTML injection through main navigation
| style="" |Arbitrary HTML injection through user preferences
|-
|-
|[[Security:Security Advisories/BSSA-2022-02|BSSA-2022-02]]
| style="" |[[Security:Security Advisories/BSSA-2022-03|BSSA-2022-03]]
|2022-11-15
| style="" |2022-11-15
|XSS attack vector on regular pages
| style="" |XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-2511 CVE-2022-2511]
| style="" |[https://www.cve.org/CVERecord?id=CVE-2022-41611 CVE-2022-41611]
|Arbitrary HTML injection through the 'title' parameter
| style="" |Arbitrary HTML injection through main navigation
|-
|-
|[[Security:Security Advisories/BSSA-2022-01|BSSA-2022-01]]
| style="" |[[Security:Security Advisories/BSSA-2022-02|BSSA-2022-02]]
|2022-01-31
| style="" |2022-11-15
|XSS attack vector in Search Center
| style="" |XSS attack vector on regular pages
|[https://www.cve.org/CVERecord?id=CVE-2022-2510 CVE-2022-2510]
| style="" |[https://www.cve.org/CVERecord?id=CVE-2022-2511 CVE-2022-2511]
|JavaScript in search field is reflected back to the browser.
| style="" |Arbitrary HTML injection through the 'title' parameter
|-
| style="" |[[Security:Security Advisories/BSSA-2022-01|BSSA-2022-01]]
| style="" |2022-01-31
| style="" |XSS attack vector in Search Center
| style="" |[https://www.cve.org/CVERecord?id=CVE-2022-2510 CVE-2022-2510]
| style="" |JavaScript in search field is reflected back to the browser.
|}
|}
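Review bot: every header and cell in the new revision carries an empty `style=""` attribute (for example `! style="" |Release name`), which applies no styling and makes each line of the table differ from the previous revision. The only substantive change visible here is the added BSSA-2025-02 row at the top. Dropping the empty attributes and keeping plain `|` and `!` cells would limit the diff to that row and keep the source consistent with the earlier entries.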

Latest revision as of 10:10, 25 June 2025

{| class="wikitable sortable" style="width:100%;"
! Release name !! Release date !! Title !! References !! Summary
|-
| BSSA-2025-02 || 2025-04-17 || Security vulnerabilities in Extension:OAuth || CVE-2025-32068, CVE-2025-32074 || Allows unauthorized access to the wiki, Cross-Site Scripting (XSS)
|-
| BSSA-2025-01 || 2025-01-20 || Security vulnerabilities in Extension:DataTransfer || CVE-2025-23081 || Allows Cross Site Request Forgery, Cross-Site Scripting (XSS)
|-
| BSSA-2023-01 || 2023-07-25 || Ghostscript vulnerability || CVE-2023-36664 || Code can be executed on the server via a manipulated PDF
|-
| BSSA-2022-08 || 2022-11-15 || XSS attack vector on regular pages || CVE-2022-3895 || Arbitrary HTML injection through use of interface elements
|-
| BSSA-2022-07 || 2022-11-15 || XSS attack vector on regular pages || CVE-2022-3958 || Arbitrary HTML injection through personal menu items
|-
| BSSA-2022-06 || 2022-11-15 || XSS attack vector on regular pages || CVE-2022-3893 || Arbitrary HTML injection through the custom menu
|-
| BSSA-2022-05 || 2022-11-15 || XSS attack vector on regular pages || CVE-2022-42001 || Arbitrary HTML injection through the book navigation
|-
| BSSA-2022-04 || 2022-11-15 || XSS attack vector on regular pages || CVE-2022-41789, CVE-2022-41814, CVE-2022-42000 || Arbitrary HTML injection through user preferences
|-
| BSSA-2022-03 || 2022-11-15 || XSS attack vector on regular pages || CVE-2022-41611 || Arbitrary HTML injection through main navigation
|-
| BSSA-2022-02 || 2022-11-15 || XSS attack vector on regular pages || CVE-2022-2511 || Arbitrary HTML injection through the 'title' parameter
|-
| BSSA-2022-01 || 2022-01-31 || XSS attack vector in Search Center || CVE-2022-2510 || JavaScript in search field is reflected back to the browser.
|}