CVE-2025-1076 Information

Description

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-vulnerability-holded