Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue, as well as hotfix information if applicable, can be found on the detail pages. You can also use the full-text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

ID: MINDBREEZE15232
Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 3.5 Low
Status: Final
First published: 14.10.2020
Summary: In mustache version 2.2.1, it is no longer possible to pass executable code via input files. This is patched in the vendor mustache.js.
Severity: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Impact: This vulnerability may allow running cross-site scripting (XSS) attacks via input fields in mustache templates.
Remediation Hotfix Information

ID: MINDBREEZE15034
Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 4.8 Medium
Status: Final
First published: 14.10.2020
CVEs: CVE-2020-14583, CVE-2020-14593, CVE-2020-14556, CVE-2020-14578, CVE-2020-14579, CVE-2020-14621, CVE-2020-14577
Summary: OpenJDK Security Update 8u262 contains fixes for the following CVEs:

ID: MINDBREEZE14915
Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.1 Medium
Status: Final
First published: 14.10.2020
CVEs: CVE-2020-11022
Summary: In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Impact: This vulnerability may allow running cross-site scripting (XSS) attacks due to the improper jQuery.htmlPrefilter method.

ID: MINDBREEZE14146
Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 5.3 Medium
Status: Final
First published: 19.08.2020
CVEs: CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2773, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830
Summary: OpenJDK Security Update 8u262 contains fixes for the following CVEs: