CVE-2025-53941

Hollo renders posts received with form elements and allows submission

CVSS 6.1 MEDIUM · EPSS 0.2% · CWE-79
Hollo is single-user microblogging software designed to federate through ActivityPub. Versions prior to 0.6.5 render HTML form elements in received posts and allow them to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
fedify-dev · hollo
