Javascript Library jQuery UI Security Update (MINDBREEZE25399)

ID: MINDBREEZE25399 
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS 
Severity: 6.1 Medium 
Status: Final 
First published: January 25, 2023 
CVEs: CVE-2022-31160 

Summary

This vulnerability may allow running cross-site scripting (XSS) attacks due to improper jQuery _getCreateOptions method. 

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

• Mindbreeze InSpire 22.3 Release (Version 22.3.0.1109) 

• Mindbreeze InSpire SaaS 22.3 Release (Version 22.3.0.1109)