{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53941", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-14T17:23:35.262Z", "datePublished": "2025-07-17T14:01:34.436Z", "dateUpdated": "2025-07-17T14:21:36.942Z"}, "containers": {"cna": {"title": "Hollo renders posts received with form elements and allows submission", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h"}, {"name": "https://github.com/fedify-dev/hollo/commit/f9d25e10ba5406c27f9e87dfb01f75b6a52f2410", "tags": ["x_refsource_MISC"], "url": "https://github.com/fedify-dev/hollo/commit/f9d25e10ba5406c27f9e87dfb01f75b6a52f2410"}, {"name": "https://github.com/fedify-dev/hollo/releases/tag/0.6.5", "tags": ["x_refsource_MISC"], "url": "https://github.com/fedify-dev/hollo/releases/tag/0.6.5"}], "affected": [{"vendor": "fedify-dev", "product": "hollo", "versions": [{"version": "< 0.6.5", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-17T14:01:34.436Z"}, "descriptions": [{"lang": "en", "value": "Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue."}], "source": {"advisory": "GHSA-w7gc-g3x7-hq8h", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-17T14:19:28.629628Z", "id": "CVE-2025-53941", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-17T14:21:36.942Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53941", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-17T14:19:28.629628Z"}}}], "references": [{"url": "https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-17T14:19:36.467Z"}}], "cna": {"title": "Hollo renders posts received with form elements and allows submission", "source": {"advisory": "GHSA-w7gc-g3x7-hq8h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "fedify-dev", "product": "hollo", "versions": [{"status": "affected", "version": "< 0.6.5"}]}], "references": [{"url": "https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h", "name": "https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/fedify-dev/hollo/commit/f9d25e10ba5406c27f9e87dfb01f75b6a52f2410", "name": "https://github.com/fedify-dev/hollo/commit/f9d25e10ba5406c27f9e87dfb01f75b6a52f2410", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/fedify-dev/hollo/releases/tag/0.6.5", "name": "https://github.com/fedify-dev/hollo/releases/tag/0.6.5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-17T14:01:34.436Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53941", "state": "PUBLISHED", "dateUpdated": "2025-07-17T14:21:36.942Z", "dateReserved": "2025-07-14T17:23:35.262Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-17T14:01:34.436Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue."}], "id": "CVE-2025-53941", "lastModified": "2025-07-17T21:15:50.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-07-17T14:15:32.737", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/fedify-dev/hollo/commit/f9d25e10ba5406c27f9e87dfb01f75b6a52f2410"}, {"source": "security-advisories@github.com", "url": "https://github.com/fedify-dev/hollo/releases/tag/0.6.5"}, {"source": "security-advisories@github.com", "url": "https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}