Cross-Site Scripting Vulnerability in BlueSpice by Hallo Welt! GmbH
CVE-2025-57880

5.9MEDIUM

Key Information:

Vendor: Hallo Welt! Gmbh
Status: Bluespice
Vendor: CVE Published:; 19 September 2025

🔔 Create Hallo Welt! Gmbh Vulnerability Alert

What is CVE-2025-57880?

An improper encoding or escaping of output vulnerability exists within the BlueSpiceWhoIsOnline extension of BlueSpice, developed by Hallo Welt! GmbH. This flaw allows attackers to execute arbitrary JavaScript in the context of a user's session, leading to potential data theft or manipulation. Specifically, versions from BlueSpice 5 to 5.1.1 are affected, necessitating immediate attention to secure application environments. For detailed information, refer to the official security advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BlueSpice 5 <= 5.1.1

References

https://en.wiki.bluespice.com/wiki/Security:Security_Advi...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Sep 18, 2025

JSON

Hallo Welt! Gmbh