CVE-2025-53941

Sažetak

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.

Reference

https://github.com/fedify-dev/hollo/commit/f9d25e10ba5406c27f9e87dfb01f75b6a52f2410
https://github.com/fedify-dev/hollo/releases/tag/0.6.5
https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h
https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

17-07-2025 - 21:15

Objavljeno

17-07-2025 - 14:15