CVE-2025-47828
Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings.
Overview
Lumi H5P-Nodejs-library versions before 9.3.3 carry a medium-severity vulnerability: the library omits a sanitizeHtml call for plain text strings, so such strings reach the stored content and the rendered output without being sanitized.
Technical Details
Versions before 9.3.3 omit the sanitizeHtml call for plain text strings. Strings of that kind therefore pass through unsanitized, and any HTML or script markup placed in them is preserved exactly as submitted. The missing call is added in version 9.3.3.
CVSS Metrics
- vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N (base score 6.4, Medium)
- attackVector: NETWORK
- attackComplexity: LOW
- privilegesRequired: LOW
- userInteraction: NONE
- scope: CHANGED
- confidentialityImpact: LOW
- integrityImpact: LOW
- availabilityImpact: NONE
Impact
Because plain text strings are passed through without the sanitizeHtml call, an attacker who can submit content (privilegesRequired: LOW) can place script markup in such a string. When the content is rendered, that script executes in the browser of other users who view it, in the context of the site embedding the H5P content (scope: CHANGED). This is a stored cross-site scripting condition: the injected script can read and modify data reachable from the victim's session, which is why the confidentiality and integrity impacts are rated LOW rather than NONE. Availability is not affected.
Recommendations
Upgrade to Lumi H5P-Nodejs-library 9.3.3 or later, which adds the missing sanitizeHtml call; if an immediate upgrade is not possible, apply the vendor's patch where one is available. More generally, treat every user-supplied string as untrusted, including fields declared as plain text: sanitize or entity-encode them before they are rendered into HTML, rather than relying on the declared field type to keep markup out.
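How the omission plays out, as an added illustration that is not code from the Lumi H5P-Nodejs-library: a content validator that sanitizes rich-text fields through a tag allowlist but, in the vulnerable variant, copies plain text fields through verbatim, beside the fixed variant that runs plain text through a strict sanitizer. The semantics/params structure, the field names, the payload and the sanitizePlain/sanitizeRich helpers are all assumptions standing in for H5P's real content semantics and for a real sanitizer such as the sanitize-html package.

```javascript
// Added example for CVE-2025-47828. This is NOT code from the Lumi
// H5P-Nodejs-library; it models the bug class the advisory describes.
// Assumptions: the semantics/params shape is a simplified stand-in for H5P
// content semantics (a "text" field with a `tags` allowlist is rich text,
// one without `tags` is plain text); sanitizePlain/sanitizeRich are minimal
// stand-ins for a real sanitizer such as the sanitize-html package.

// Entity-encode the characters that would otherwise be interpreted as markup.
function escapeText(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Strict mode for plain text: no tag survives, and any leftover angle
// bracket is encoded so the result can never open an element when rendered.
function sanitizePlain(s) {
  return escapeText(String(s).replace(/<[^>]*>/g, ''));
}

// Allowlist mode for rich text: keep bare tags (no attributes) whose name is
// on the allowlist, drop every other tag, and encode the text in between.
function sanitizeRich(s, allowedTags) {
  const allowed = new Set(allowedTags.map((t) => t.toLowerCase()));
  return String(s)
    .split(/(<[^>]*>)/)
    .map((tok) => {
      if (!/^<[^>]*>$/.test(tok)) return escapeText(tok);    // text between tags
      const m = /^<\/?([a-z][a-z0-9]*)\s*\/?>$/i.exec(tok); // bare tag only
      return m && allowed.has(m[1].toLowerCase()) ? tok : '';
    })
    .join('');
}

// Assumed, simplified content semantics: one plain-text and one rich-text field.
const SEMANTICS = [
  { name: 'title', type: 'text' },
  { name: 'body', type: 'text', tags: ['strong', 'em'] },
];

// Constructed attacker payload with markup in both fields.
const PAYLOAD = {
  title: 'Quiz<img src=x onerror=alert(1)> one',
  body: '<strong>Hi</strong><script>alert(1)</script> & co',
};

// Before the fix (models the omission): only fields that declare a tag
// allowlist reach a sanitizer; a plain-text field is copied verbatim.
function validateParamsVulnerable(semantics, params) {
  const clean = {};
  for (const field of semantics) {
    if (!(field.name in params) || field.type !== 'text') continue;
    const value = params[field.name];
    clean[field.name] = field.tags
      ? sanitizeRich(value, field.tags)
      : value; // BUG: the sanitizeHtml call for plain text is missing
  }
  return clean;
}

// After the fix: plain text goes through the strict sanitizer as well.
function validateParamsFixed(semantics, params) {
  const clean = {};
  for (const field of semantics) {
    if (!(field.name in params) || field.type !== 'text') continue;
    const value = params[field.name];
    clean[field.name] = field.tags
      ? sanitizeRich(value, field.tags)
      : sanitizePlain(value);
  }
  return clean;
}

// True when a stored value could still open an HTML element when rendered.
function containsRawTag(s) {
  return /<[a-z!\/]/i.test(s);
}

console.log('vulnerable:', validateParamsVulnerable(SEMANTICS, PAYLOAD));
console.log('fixed:     ', validateParamsFixed(SEMANTICS, PAYLOAD));
```

Run it with node: the vulnerable validator stores `title` with the `<img onerror>` intact, while the fixed one reduces it to `Quiz one`; `body` is handled identically by both because it declares a tag allowlist. Stripping tags alone is not enough for the plain-text case: a single strip pass turns `<scr<script>ipt>` into `ipt>`, which is why sanitizePlain also entity-encodes whatever remains.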
Threat Metrics
- cvss_score: 6.4
- severity: MEDIUM
- attack_vector: NETWORK
- attack_complexity: LOW