Cross-Site Scripting Vulnerability in BlueSpice by Hallo Welt! GmbH
CVE-2025-46703

5.9MEDIUM

Key Information:

Vendor: Hallo Welt! Gmbh
Status: Bluespice
Vendor: CVE Published:; 19 September 2025

🔔 Create Hallo Welt! Gmbh Vulnerability Alert

What is CVE-2025-46703?

The BlueSpice software developed by Hallo Welt! GmbH contains an improper encoding or escaping of output vulnerability within the AtMentions extension. This flaw may allow an attacker to conduct Cross-Site Scripting (XSS) attacks, compromising the security of users by injecting malicious scripts. The vulnerability affects BlueSpice versions 5 through 5.1.1, highlighting the importance of prompt updates and secure coding practices.

Affected Version(s)

BlueSpice 5 <= 5.1.1

References

https://en.wiki.bluespice.com/wiki/Security:Security_Advi...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Sep 18, 2025