CVE-2025-23522

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 24, 2025
CWE ID 79

Summary

CVE-2025-23522 is a Cross-site Scripting (XSS) vulnerability affecting the HM Portfolio software from humanmade, developed by Joe Hoyle, Tom Wilmott, and Matthew Haines-Young. The issue stems from improper neutralization of user input during web page generation, which permits Reflected XSS. It affects HM Portfolio versions from n/a through 1.1.1 and could allow attackers to inject malicious scripts into a user's browser when the user visits a specially crafted webpage.
