Security:Security Advisories: Difference between revisions

Latest revision as of 12:06, 20 January 2025

Release name	Release date	Title	References	Summary
BSSA-2025-01	2025-01-20	Security vulnerabilities in Extension:DataTransfer	CVE-2025-23081	Allows Cross Site Request Forgery, Cross-Site Scripting (XSS)
BSSA-2023-01	2023-07-25	Ghostscript vulnerability	CVE-2023-36664	Code can be executed on the server via a manipulated PDF
BSSA-2022-08	2022-11-15	XSS attack vector on regular pages	CVE-2022-3895	Arbitrary HTML injection through use of interface elements
BSSA-2022-07	2022-11-15	XSS attack vector on regular pages	CVE-2022-3958	Arbitrary HTML injection through personal menu items
BSSA-2022-06	2022-11-15	XSS attack vector on regular pages	CVE-2022-3893	Arbitrary HTML injection through the custom menu
BSSA-2022-05	2022-11-15	XSS attack vector on regular pages	CVE-2022-42001	Arbitrary HTML injection through the book navigation
BSSA-2022-04	2022-11-15	XSS attack vector on regular pages	CVE-2022-41789, CVE-2022-41814, CVE-2022-42000	Arbitrary HTML injection through user preferences
BSSA-2022-03	2022-11-15	XSS attack vector on regular pages	CVE-2022-41611	Arbitrary HTML injection through main navigation
BSSA-2022-02	2022-11-15	XSS attack vector on regular pages	CVE-2022-2511	Arbitrary HTML injection through the 'title' parameter
BSSA-2022-01	2022-01-31	XSS attack vector in Search Center	CVE-2022-2510	JavaScript in search field is reflected back to the browser.

@@ Line 5: / Line 5: @@
 !References
 !Summary
+|-
+|[[Security:Security Advisories/BSSA-2025-01|BSSA-2025-01]]
+|2025-01-20
+|Security vulnerabilities in Extension:DataTransfer
+|[https://www.cve.org/CVERecord?id=CVE-2025-23081 CVE-2025-23081]
+|Allows Cross Site Request Forgery, Cross-Site Scripting (XSS)
 |-
 |[[Security:Security Advisories/BSSA-2023-01|BSSA-2023-01]]