CNNVD-202507-2304 Information

CNNVD ID

CNNVD-202507-2304

CVE-2025-53941

  • CNNVD Published: 2025-07-17

Description (Chinese)

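Hollo is an open-source microblogging software from Fedify. Versions of Hollo prior to 0.6.5 contain a security vulnerability that stems from allowing HTML form elements to be submitted, which may lead to HTML injection.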

Description (English)

Hollo is a microblogging software for Fedify. Versions prior to Hollo 0.6.5 contain a security vulnerability that stems from allowing the submission of HTML form elements, which could lead to HTML injection.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Fedify

Published

2025-07-17

Last Modified

2026-02-24

References

  • https://github.com/fedify-dev/hollo/commit/f9d25e10ba5406c27f9e87dfb01f75b6a52f2410
  • https://github.com/fedify-dev/hollo/releases/tag/0.6.5
  • https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h

Patch

https://github.com/fedify-dev/hollo/releases
