CVE-2025-47828

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-47828

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47828.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-47828

Aliases

GHSA-m7gm-v253-56hh

Published

2025-05-11T03:15:23.533Z

Modified

2026-04-10T05:27:45.793576Z

Severity

6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings.

References

Affected packages

Git / github.com/Lumieducation/H5P-Nodejs-library

Affected ranges

Type

GIT

Repo

https://github.com/Lumieducation/H5P-Nodejs-library

Events

Introduced

Fixed

5730c0231dd77d70dcc0035d59b116eca930cd26

Database specific

{
    "versions": [
        {
            "introduced": "H5P-Nodejs-library"
        },
        {
            "fixed": "9.3.3"
        }
    ]
}

Affected versions

v0.*

v0.10.0

v0.10.1

v0.10.10

v0.10.2

v0.10.3

v0.10.4

v0.10.5

v0.10.6

v0.10.7

v0.10.8

v0.10.9

v0.11.0

v0.11.1

v0.11.2

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.8.1

v0.9.0

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.1.0

v2.2.0

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.4.0

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.1.0

v4.1.1

v4.1.2

v5.*

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v6.*

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.1.0

v6.1.1

v6.1.2

v6.1.3

v6.2.0

v7.*

v7.1.0

v7.3.0

v7.3.1

v8.*

v8.0.0

v8.1.5

v9.*

v9.0.5

v9.0.6

v9.0.9

v9.1.0

v9.2.1

v9.3.1

v9.3.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47828.json"