{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T00:20:47.343","vulnerabilities":[{"cve":{"id":"CVE-2022-3958","sourceIdentifier":"security@bluespice.com","published":"2022-11-15T15:15:13.057","lastModified":"2024-11-21T07:20:36.960","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks."},{"lang":"es","value":"Vulnerabilidad de Cross-Site Scripting (XSS) en la extensión BlueSpiceUserSidebar de BlueSpice permite a los usuarios con cuenta normal y permisos de edición inyectar HTML arbitrario en el menú de navegación personal de sus propios usuarios y de otros usuarios. Esto permite ataques dirigidos."}],"metrics":{"cvssMetricV31":[{"source":"security@bluespice.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@bluespice.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hallowelt:bluespice:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.2.1","matchCriteriaId":"696F93D5-AB35-4EA3-AEDB-9C868E94ED6D"}]}]}],"references":[{"url":"https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-07","source":"security@bluespice.com","tags":["Vendor Advisory"]},{"url":"https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-07","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}