Shodan
Vulnerabilities
Vulnerable Software
Hallowelt:  >> Bluespice  Security Vulnerabilities
CVE-2025-58114
Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension:CognitiveProcessDesigner) allows Cross-Site Scripting (XSS).This issue affects BlueSpice: from 5 through 5.1.1.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-09-19
CVE-2025-57880
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-19
CVE-2025-46703
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-09-19
CVE-2025-48007
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-09-19
CVE-2023-42431
Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.
CVSS Score
2.1
EPSS Score
0.001
Published
2023-10-30
CVE-2022-42001
Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.
CVSS Score
3.3
EPSS Score
0.003
Published
2022-11-15
CVE-2022-42000
Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
CVSS Score
3.3
EPSS Score
0.003
Published
2022-11-15
CVE-2022-41814
Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
CVSS Score
3.3
EPSS Score
0.003
Published
2022-11-15
CVE-2022-41611
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application.
CVSS Score
2.3
EPSS Score
0.003
Published
2022-11-15
CVE-2022-41789
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.
CVSS Score
3.3
EPSS Score
0.003
Published
2022-11-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved