Cross-Site Scripting Vulnerability in BlueSpice by Hallo Welt! GmbH
CVE-2025-48007

5.9MEDIUM

Key Information:

Vendor: Hallo Welt! Gmbh
Status: Bluespice
Vendor: CVE Published:; 19 September 2025

🔔 Create Hallo Welt! Gmbh Vulnerability Alert

What is CVE-2025-48007?

The BlueSpice extension, BlueSpiceAvatars, has a vulnerability that allows attackers to exploit improper encoding or escaping of output, leading to Cross-Site Scripting (XSS) attacks. This can enable unauthorized scripts to be executed in the context of a user's browser. This issue impacts versions 5 through 5.1.1 of the BlueSpice product, posing potential threats to user data and application integrity.

Affected Version(s)

BlueSpice 5 <= 5.1.1

References

https://en.wiki.bluespice.com/wiki/Security:Security_Advi...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Sep 18, 2025