Cross-Site Scripting Vulnerability in BlueSpice by Hallo Welt! GmbH
CVE-2025-57880

5.9MEDIUM

Key Information:

Vendor: Hallo Welt! Gmbh
Status: Bluespice
Vendor: CVE Published:; 19 September 2025

🔔 Create Hallo Welt! Gmbh Vulnerability Alert

What is CVE-2025-57880?

An improper encoding or escaping of output vulnerability exists within the BlueSpiceWhoIsOnline extension of BlueSpice, developed by Hallo Welt! GmbH. This flaw allows attackers to execute arbitrary JavaScript in the context of a user's session, leading to potential data theft or manipulation. Specifically, versions from BlueSpice 5 to 5.1.1 are affected, necessitating immediate attention to secure application environments. For detailed information, refer to the official security advisory.

Affected Version(s)

BlueSpice 5 <= 5.1.1

References

https://en.wiki.bluespice.com/wiki/Security:Security_Advi...

CVSS V4

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Sep 18, 2025