CVE 5.9 MEDIUM

Potential XSS in Extension:BlueSpiceAvatars_CVE-2025-48007

September 19, 2025 invoker category_cve
5.9 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS).
This issue affects BlueSpice: from 5 through 5.1.1.

Basic Information

ID CVE-2025-48007
Source HW
Published Sep 19, 2025 at 13:09

Affected Product

Vendor Hallo Welt! GmbH
Product BlueSpice
Version 5
Affected Versions Hallo Welt! GmbH BlueSpice 5

CWE Classification

CWE-116

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.