Auto-merge PR#8029

2025-08-04 08:44:25 +00:00 · 2022-11-15 09:25:13 -05:00 · 2022-11-15 09:25:13 -05:00 · 72cc492042
commit 72cc492042
parent 0b56dde95e 895f6cec3a
1 changed files with 94 additions and 16 deletions
--- a/2022/3xxx/CVE-2022-3958.json
+++ b/2022/3xxx/CVE-2022-3958.json
@ -1,18 +1,96 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-3958",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
+  "data_type": "CVE",
+  "data_format": "MITRE",
+  "data_version": "4.0",
+  "generator": {
+    "engine": "Vulnogram 0.0.9"
+  },
+  "CVE_data_meta": {
+    "ID": "CVE-2022-3958",
+    "ASSIGNER": "security@bluespice.com",
+    "DATE_PUBLIC": "2022-11-15T09:00:00.000Z",
+    "TITLE": "Potential XSS on personal menu navigation",
+    "STATE": "PUBLIC"
+  },
+  "source": {
+    "advisory": "BSSA-2022-07",
+    "discovery": "INTERNAL"
+  },
+  "affects": {
+    "vendor": {
+      "vendor_data": [
+        {
+          "vendor_name": "Hallo Welt! GmbH",
+          "product": {
+            "product_data": [
+              {
+                "product_name": "BlueSpice",
+                "version": {
+                  "version_data": [
+                    {
+                      "version_name": "4",
+                      "version_affected": "<",
+                      "version_value": "4.2.1",
+                      "platform": ""
+                    }
+                  ]
+                }
+              }
+            ]
+          }
+        }
+      ]
    }
-}
+  },
+  "problemtype": {
+    "problemtype_data": [
+      {
+        "description": [
+          {
+            "lang": "eng",
+            "value": "CWE-79 Cross-site Scripting (XSS)"
+          }
+        ]
+      }
+    ]
+  },
+  "description": {
+    "description_data": [
+      {
+        "lang": "eng",
+        "value": "Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks."
+      }
+    ]
+  },
+  "references": {
+    "reference_data": [
+      {
+        "refsource": "CONFIRM",
+        "url": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-07",
+        "name": "https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-07"
+      }
+    ]
+  },
+  "impact": {
+    "cvss": {
+      "version": "3.1",
+      "attackVector": "LOCAL",
+      "attackComplexity": "LOW",
+      "privilegesRequired": "LOW",
+      "userInteraction": "NONE",
+      "scope": "UNCHANGED",
+      "confidentialityImpact": "LOW",
+      "integrityImpact": "NONE",
+      "availabilityImpact": "NONE",
+      "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+      "baseScore": 3.3,
+      "baseSeverity": "LOW"
+    }
+  },
+  "solution": [
+    {
+      "lang": "eng",
+      "value": "Upgrade to BlueSpice 4.2.1 or later"
+    }
+  ]
+}