Vulnerability Database

309,130

Total vulnerabilities in the database

CVE-2025-53941

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.

Published: Jul 17, 2025
Updated: Nov 16, 2025
CVE: CVE-2025-53941
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://github.com/fedify-dev/hollo/commit/f9d25e10ba5406c27f9e87dfb01f75b6a52f2410
https://github.com/fedify-dev/hollo/releases/tag/0.6.5
https://github.com/fedify-dev/hollo/security/advisories/GHSA-w7gc-g3x7-hq8h

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo