CVE-2025-57880 | THREATINT

Description

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.

PUBLISHED Reserved 2025-09-18 | Published 2025-09-19 | Updated 2025-09-19 | Assigner HW

MEDIUM: 5.9CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-116 Improper Encoding or Escaping of Output

Product status

Default status

affected

5 (semver)

affected

References

en.wiki.bluespice.com/...ty:Security_Advisories/BSSA-2025-05

cve.org (CVE-2025-57880)

nvd.nist.gov (CVE-2025-57880)

Download JSON