Insight App Designer and Apps Overview: XSS via Inclusion of External Script (MINDBREEZE30948)

ID: MINDBREEZE30948 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 6.5 Medium 
Status: Final 
First published: May 15, 2024 
CVEs: MINDBREEZE30947 

Summary

• Insight App Designer XSS and Apps: via Inclusion of External Script via URL Parameter

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 24.2 Hotfix 1 Release 
• Mindbreeze InSpire SaaS 24.2 Hotfix 1 Release