hallowelt 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting and vendor risk input validation に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact session compromise and vendor impact unexpected behavior などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-58114 | Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension:CognitiveProcessDesigner) allows Cross-Site Scripting (XSS).This issue affects BlueSpice: from 5 through 5.1.1. | [email protected] | 5.9 | 0.05% | 2025-09-19 | 2025-09-22 |
| CVE-2025-57880 | Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1. | [email protected] | 5.9 | 0.02% | 2025-09-19 | 2025-09-22 |
| CVE-2025-48007 | Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1. | [email protected] | 5.9 | 0.06% | 2025-09-19 | 2025-09-22 |
| CVE-2025-46703 | Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1. | [email protected] | 5.9 | 0.06% | 2025-09-19 | 2025-09-22 |
| CVE-2023-42431 | Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context. | [email protected] | 2.1 | 0.05% | 2023-10-30 | 2024-11-21 |
| CVE-2022-42001 | Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the book navigation. | [email protected] | 3.3 | 0.30% | 2022-11-15 | 2024-11-21 |
| CVE-2022-42000 | Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. | [email protected] | 3.3 | 0.30% | 2022-11-15 | 2024-11-21 |
| CVE-2022-41814 | Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage. | [email protected] | 3.3 | 0.30% | 2022-11-15 | 2024-11-21 |
| CVE-2022-41789 | Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage. | [email protected] | 3.3 | 0.30% | 2022-11-15 | 2024-11-21 |
| CVE-2022-41611 | Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML into the main navigation of the application. | [email protected] | 2.3 | 0.36% | 2022-11-15 | 2024-11-21 |
| CVE-2022-3958 | Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar extension of BlueSpice allows user with regular account and edit permissions to inject arbitrary HTML into the personal menu navigation of their own and other users. This allows for targeted attacks. | [email protected] | 3.3 | 0.30% | 2022-11-15 | 2024-11-21 |
| CVE-2022-3895 | Some UI elements of the Common User Interface Component are not properly sanitizing output and therefore prone to output arbitrary HTML (XSS). | [email protected] | 4.0 | 0.30% | 2022-11-15 | 2024-11-21 |
| CVE-2022-3893 | Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extension of BlueSpice allows user with admin permissions to inject arbitrary HTML into the custom menu navigation of the application. | [email protected] | 2.3 | 0.27% | 2022-11-15 | 2024-11-21 |
| CVE-2022-2511 | Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL. | [email protected] | 4.3 | 0.54% | 2022-07-22 | 2024-11-21 |
| CVE-2022-2510 | Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL. | [email protected] | 4.3 | 0.26% | 2022-07-22 | 2024-11-21 |