CVE-2025-58114
- EPSS 0.03%
- Veröffentlicht 19.09.2025 13:10:38
- Zuletzt bearbeitet 22.09.2025 16:21:52
Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension:CognitiveProcessDesigner) allows Cross-Site Scripting (XSS).This issue affects BlueSpice: from 5 through 5.1.1.
CVE-2025-57880
- EPSS 0.03%
- Veröffentlicht 19.09.2025 13:10:12
- Zuletzt bearbeitet 22.09.2025 16:21:50
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
CVE-2025-48007
- EPSS 0.03%
- Veröffentlicht 19.09.2025 13:09:47
- Zuletzt bearbeitet 22.09.2025 16:21:58
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
CVE-2025-46703
- EPSS 0.03%
- Veröffentlicht 19.09.2025 13:09:20
- Zuletzt bearbeitet 22.09.2025 16:21:56
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
CVE-2023-42431
- EPSS 0.05%
- Veröffentlicht 30.10.2023 11:15:39
- Zuletzt bearbeitet 21.11.2024 08:22:31
Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.
CVE-2022-42001
- EPSS 0.3%
- Veröffentlicht 15.11.2022 15:15:18
- Zuletzt bearbeitet 21.11.2024 07:24:14
Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.
CVE-2022-42000
- EPSS 0.3%
- Veröffentlicht 15.11.2022 15:15:17
- Zuletzt bearbeitet 21.11.2024 07:24:14
Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
CVE-2022-41814
- EPSS 0.3%
- Veröffentlicht 15.11.2022 15:15:16
- Zuletzt bearbeitet 21.11.2024 07:23:53
Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
CVE-2022-41611
- EPSS 0.36%
- Veröffentlicht 15.11.2022 15:15:14
- Zuletzt bearbeitet 21.11.2024 07:23:29
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application.
CVE-2022-41789
- EPSS 0.3%
- Veröffentlicht 15.11.2022 15:15:14
- Zuletzt bearbeitet 21.11.2024 07:23:50
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.