Javascript Library jQuery UI Security Update (MINDBREEZE25399)
ID: MINDBREEZE25399
Affected Components: Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 6.1 Medium
Status: Final
First published: January 25, 2023
CVEs: CVE-2022-31160
Summary
This vulnerability may allow running cross-site scripting (XSS) attacks due to improper jQuery _getCreateOptions method.
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
-
Mindbreeze InSpire 22.3 Release (Version 22.3.0.1109)
-
Mindbreeze InSpire SaaS 22.3 Release (Version 22.3.0.1109)