Last edited one day ago
by Mglaser

Security Advisories

Release name Release date Title References Summary
BSSA-2025-05 2025-09-19 XSS in Extension:AtMentions, Extension:BlueSpiceAvatars, Extension:BlueSpiceWhoIsOnline and Extension:CognitiveProcessDesigner CVE-2025-46703, CVE-2025-48007, CVE-2025-57880,CVE-2025-57880 Cross-Site Scripting (XSS)
BSSA-2025-04 2025-09-18 Security vulnerabilities in services bluespice/search, bluespice/formular and bluespice/wiki CVE-2025-54988, CVE-2025-7783, CVE-2025-58050, CVE-2025-49796 Denial-of-Service, Information Disclosure
BSSA-2025-03 2025-07-28 Security vulnerabilities in Extension:Scribunto, Extension:TabberNeue, Extension:TwoColConflict and Extension:Quiz CVE-2025-53501, CVE-2025-53494, CVE-2025-53093, CVE-2025-7057 Information Disclosure, Cross-Site Scripting (XSS)
BSSA-2025-02 2025-04-17 Security vulnerabilities in Extension:OAuth CVE-2025-32068, CVE-2025-32074 Allows unauthorized access to the wiki, Cross-Site Scripting (XSS)
BSSA-2025-01 2025-01-20 Security vulnerabilities in Extension:DataTransfer CVE-2025-23081 Allows Cross Site Request Forgery, Cross-Site Scripting (XSS)
BSSA-2023-01 2023-07-25 Ghostscript vulnerability CVE-2023-36664 Code can be executed on the server via a manipulated PDF
BSSA-2022-08 2022-11-15 XSS attack vector on regular pages CVE-2022-3895 Arbitrary HTML injection through use of interface elements
BSSA-2022-07 2022-11-15 XSS attack vector on regular pages CVE-2022-3958 Arbitrary HTML injection through personal menu items
BSSA-2022-06 2022-11-15 XSS attack vector on regular pages CVE-2022-3893 Arbitrary HTML injection through the custom menu
BSSA-2022-05 2022-11-15 XSS attack vector on regular pages CVE-2022-42001 Arbitrary HTML injection through the book navigation
BSSA-2022-04 2022-11-15 XSS attack vector on regular pages CVE-2022-41789, CVE-2022-41814, CVE-2022-42000 Arbitrary HTML injection through user preferences
BSSA-2022-03 2022-11-15 XSS attack vector on regular pages CVE-2022-41611 Arbitrary HTML injection through main navigation
BSSA-2022-02 2022-11-15 XSS attack vector on regular pages CVE-2022-2511 Arbitrary HTML injection through the 'title' parameter
BSSA-2022-01 2022-01-31 XSS attack vector in Search Center CVE-2022-2510 JavaScript in search field is reflected back to the browser.