VYPR
Vendor

Hallo Welt! GmbH

Products
2
CVEs
15
Across products
16
Status
Private

Products

2

Recent CVEs

15
  • CVE-2026-24732MedMar 4, 2026
    risk 0.43cvss epss 0.00

    Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and…

  • CVE-2022-2511MedJul 22, 2022
    risk 0.28cvss 4.3epss 0.00

    Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.

  • CVE-2022-2510MedJul 22, 2022
    risk 0.28cvss 4.3epss 0.00

    Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.

  • CVE-2022-42001LowNov 15, 2022
    risk 0.21cvss 3.3epss 0.00

    Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation.

  • CVE-2022-42000LowNov 15, 2022
    risk 0.21cvss 3.3epss 0.00

    Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.

  • CVE-2022-41814LowNov 15, 2022
    risk 0.21cvss 3.3epss 0.00

    Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.

  • CVE-2022-41789LowNov 15, 2022
    risk 0.21cvss 3.3epss 0.00

    Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage.

  • CVE-2022-3958LowNov 15, 2022
    risk 0.21cvss 3.3epss 0.00

    Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks.

  • CVE-2022-41611LowNov 15, 2022
    risk 0.15cvss 2.3epss 0.00

    Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application.

  • CVE-2022-3893LowNov 15, 2022
    risk 0.15cvss 2.3epss 0.00

    Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application.

  • CVE-2023-42431LowOct 30, 2023
    risk 0.14cvss 2.1epss 0.00

    Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.

  • CVE-2025-58114Sep 19, 2025
    risk 0.00cvss epss 0.00

    Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension:CognitiveProcessDesigner) allows Cross-Site Scripting (XSS).This issue affects BlueSpice: from 5 through 5.1.1.

  • CVE-2025-57880Sep 19, 2025
    risk 0.00cvss epss 0.00

    Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.

  • CVE-2025-48007Sep 19, 2025
    risk 0.00cvss epss 0.00

    Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.

  • CVE-2025-46703Sep 19, 2025
    risk 0.00cvss epss 0.00

    Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.

VYPR — Vulnerability Intelligence