Unrated severityNVD Advisory· Published Sep 19, 2025· Updated Sep 19, 2025

Potential XSS in Extension:AtMentions

CVE-2025-46703

Description

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.

Affected products

Hallo Welt! GmbH/AtMentionsllm-create
Range: >=5, <=5.1.1
Hallo Welt! GmbH/BlueSpicellm-fuzzy
Range: >=5, <=5.1.1
Hallo Welt! GmbH/BlueSpicev5
Range: 5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

en.wiki.bluespice.com/wiki/Security:Security_Advisories/BSSA-2025-05mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000