CVE-2025-57880

Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice Extension:BlueSpiceWhoIsOnline allows Cross-Site Scripting XSS. This issue affects BlueSpice: from 5 through 5.1.1...

CVE-2025-57880

The CVE-2025-57880 entry concerns an XSS vulnerability in Hallo Welt! GmbH BlueSpice, specifically the BlueSpiceWhoIsOnline extension . Affected are BlueSpice versions 5 through 5.1.1 where improper encoding/escaping of output may allow script execution. The root cause is an output encoding flaw ...