CVE-2025-1076

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Feb 6, 2025
CWE ID 79

Summary

CVE-2025-1076 is a newly discovered Stored Cross-Site Scripting (XSS) vulnerability affecting the Holded application. An attacker can exploit this flaw by injecting malicious JavaScript code into the editable 'name' and 'icon' parameters of the Activities functionality. Successful exploitation could lead to unintended execution of malicious scripts in users' browsers, potentially resulting in data theft or session hijacking. It is strongly recommended that Holded users update their applications to the latest version, which presumably includes a patch for this vulnerability.
