CVE-2025-48007

Medium CVSS: 5.9

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS).
This issue affects BlueSpice: from 5 through 5.1.1.

Vendor

Hallowelt

Product

Bluespice

CWE

CWE-116

Yayın Tarihi

2025-09-19 14:15:45

Güncelleme

2025-09-22 16:21:58

Source Identifier

security@bluespice.com

KEV Date Added

Kategoriler

CWE-116 Bluespice MEDIUM Hallowelt 2025

Referanslar

https://en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2025-05

Benzer Kayıtlar

Medium

CVE-2025-58114

Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension:CognitiveProcessDesigner) allows Cross-…

Medium

CVE-2025-57880

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) all…

Medium

CVE-2025-46703

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-…