CVE-2025-53941

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-53941

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53941.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-53941

Aliases

GHSA-w7gc-g3x7-hq8h

Published

2025-07-17T14:01:34.436Z

Modified

2026-04-10T05:32:18.643394Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Hollo renders posts received with form elements and allows submission

Details

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.

Database specific

{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/53xxx/CVE-2025-53941.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/fedify-dev/hollo

Affected ranges

Type: GIT
Repo: https://github.com/fedify-dev/hollo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f9d25e10ba5406c27f9e87dfb01f75b6a52f2410

Type: GIT
Repo: https://github.com/fedify-dev/hollo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bf7773659979d81aceb8256f385d5aa948d38135

Affected versions

0.*

0.1.0

0.2.0

0.3.0

0.4.0

0.5.0

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53941.json"