{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T16:56:42.012","vulnerabilities":[{"cve":{"id":"CVE-2022-41789","sourceIdentifier":"security@bluespice.com","published":"2022-11-15T15:15:14.957","lastModified":"2026-06-17T05:03:50.103","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage."},{"lang":"es","value":"Vulnerabilidad de Cross-Site Scripting (XSS) en BlueSpiceDiscovery skin de BlueSpice permite que un usuario que haya iniciado sesión con permisos de edición inyecte HTML arbitrario en el encabezado de página predeterminado de una página wiki."}],"affected":[{"source":"security@bluespice.com","affectedData":[{"vendor":"Hallo Welt! GmbH","product":"BlueSpice","versions":[{"version":"4","lessThan":"4.2.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@bluespice.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-29T20:08:50.836561Z","id":"CVE-2022-41789","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@bluespice.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hallowelt:bluespice:*:*:*:*:*:*:*:*","versionStartIncluding":"4.1.0","versionEndExcluding":"4.2.1","matchCriteriaId":"696F93D5-AB35-4EA3-AEDB-9C868E94ED6D"}]}]}],"references":[{"url":"https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04","source":"security@bluespice.com","tags":["Vendor Advisory"]},{"url":"https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2022-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}