BlueSpice

CVEs (5)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2026-24732	Hallo Welt! GmbH BlueSpice	Med	0.43	—	Mar 4, 2026	Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This issue affects BlueSpice: from 5.1 through 5.1.3, from 5.2 through 5.2.0. HINT: Versions provided apply to BlueSpice MediaWiki releases. For Extension:NSFileRepo the affected versions are 3.0 < 3.0.5
CVE-2025-58114	Hallo Welt! GmbH BlueSpice		0.00	—	Sep 19, 2025	Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension:CognitiveProcessDesigner) allows Cross-Site Scripting (XSS).This issue affects BlueSpice: from 5 through 5.1.1.
CVE-2025-57880	Hallo Welt! GmbH BlueSpice		0.00	—	Sep 19, 2025	Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
CVE-2025-48007	Hallo Welt! GmbH BlueSpice		0.00	—	Sep 19, 2025	Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
CVE-2025-46703	Hallo Welt! GmbH BlueSpice		0.00	—	Sep 19, 2025	Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.

CVE-2026-24732MedMar 4, 2026
Hallo Welt! GmbH
BlueSpice
risk 0.43cvss —epss 0.00
Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This issue affects BlueSpice: from 5.1 through 5.1.3, from 5.2 through 5.2.0. HINT: Versions provided apply to BlueSpice MediaWiki releases. For Extension:NSFileRepo the affected versions are 3.0 < 3.0.5
CVE-2025-58114Sep 19, 2025
Hallo Welt! GmbH
BlueSpice
risk 0.00cvss —epss 0.00
Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension:CognitiveProcessDesigner) allows Cross-Site Scripting (XSS).This issue affects BlueSpice: from 5 through 5.1.1.
CVE-2025-57880Sep 19, 2025
Hallo Welt! GmbH
BlueSpice
risk 0.00cvss —epss 0.00
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
CVE-2025-48007Sep 19, 2025
Hallo Welt! GmbH
BlueSpice
risk 0.00cvss —epss 0.00
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
CVE-2025-46703Sep 19, 2025
Hallo Welt! GmbH
BlueSpice
risk 0.00cvss —epss 0.00
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.