Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

Javascript Library Mustache Security Update (MINDBREEZE15232)

ID: MINDBREEZE15232  Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 3.5 Low  Status: Final  First published: 14.10.2020  Summary In mustache version 2.2.1, it is no longer possible to pass executable code via input files. This is patched in the vendor mustache.js Severity: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N Impact This vulnerability may allow running cross-site scripting (XSS) attacks via input filelds in mustache templates. Remediation Hotfix Information
Read more about Javascript Library Mustache Security Update (MINDBREEZE15232)

Javascript Library jQuery Security Update (MINDBREEZE15136)

ID: MINDBREEZE15136  Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 6.1 Medium  Status: Final  First published: February 2, 2021  CVEs: CVE-2020-11023  Summary In jQuery, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. Remediation Hotfix Information
Read more about Javascript Library jQuery Security Update (MINDBREEZE15136)

OpenJDK Security Update 8u262 (MINDBREEZE15034)

ID: MINDBREEZE15034  Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 4.8 Medium  Status: Final  First published: 14.10.2020  CVEs: CVE-2020-14583, CVE-2020-14593, CVE-2020-14556, CVE-2020-14578, CVE-2020-14579, CVE-2020-14621, CVE-2020-14577   Summary OpenJDK Security Update 8u262 contains fixes for the following CVEs:
Read more about OpenJDK Security Update 8u262 (MINDBREEZE15034)

Javascript Library jQuery Security Update (MINDBREEZE14915)

ID: MINDBREEZE14915  Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 6.1 Medium  Status: Final  First published: 14.10.2020  CVEs: CVE-2020-11022  Summary In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Read more about Javascript Library jQuery Security Update (MINDBREEZE14915)

OpenJDK Security Update 8u252 (MINDBREEZE14146)

ID: MINDBREEZE14146  Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS  Severity: 5.3 Medium  Status: Final  First published: 19.08.2020  CVEs: CVE-2020-2754, CVE-2020-2755,CVE-2020-2756, CVE-2020-2757, CVE-2020-2773, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830  Summary OpenJDK Security Update 8u262 contains fixes for the following CVEs:
Read more about OpenJDK Security Update 8u252 (MINDBREEZE14146)