Lumi H5P-Nodejs-Library HTML Sanitization Vulnerability

Vulnerability

A vulnerability exists in Lumi H5P-Nodejs-library versions prior to 9.3.3, where the library fails to properly sanitize plain text strings. Because of this, unfiltered HTML can be injected through fields that are meant to hold plain text, and the consequences depend on the context in which the unsanitized data is later rendered or used.

Impact

The lack of proper HTML sanitization could allow for the injection of malicious HTML, potentially leading to cross-site scripting (XSS) attacks or other forms of content injection, depending on how the unsanitized data is handled within the application.

Reproduction

The vulnerability can be reproduced with any version of the Lumi H5P-Nodejs-library prior to 9.3.3. In these versions, plain text strings are accepted without proper sanitization, so unfiltered HTML can be included in them.

Remediation

Users can upgrade to Lumi H5P-Nodejs-library version 9.3.3 or later, where this vulnerability has been addressed.
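As an added example (not Lumi's code and not the fix shipped in 9.3.3), a defensive check in Node.js that escapes plain-text H5P parameters and reports which fields carried markup; it assumes the H5P semantics format (fields of type 'text', optional widget 'html') and uses sample data constructed here.

```javascript
// Added example, not Lumi's code. Assumes the H5P semantics format: a field of
// type 'text' is plain text unless it declares widget 'html' (single-field
// group flattening and nested libraries are ignored here).
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Walk params alongside semantics. Returns a sanitized copy plus the JSON paths
// of plain-text fields that carried markup (an audit/detection signal).
function sanitizeParams(params, semantics, path = '$', findings = []) {
  if (params == null) return { params, findings };
  switch (semantics.type) {
    case 'text': {
      const text = String(params);
      // 'html' widget fields may hold markup; they need an allow-list filter
      // on semantics.tags, which is out of scope here.
      if (semantics.widget === 'html') return { params: text, findings };
      if (/<\/?[a-z!]/i.test(text)) findings.push(path);
      return { params: escapeHtml(text), findings };
    }
    case 'group': {
      if (typeof params !== 'object') return { params, findings };
      const out = {};
      for (const f of semantics.fields || []) {
        if (f.name in params) out[f.name] = sanitizeParams(params[f.name], f, `${path}.${f.name}`, findings).params;
      }
      return { params: out, findings };
    }
    case 'list': {
      const out = (Array.isArray(params) ? params : []).map((item, i) =>
        sanitizeParams(item, semantics.field, `${path}[${i}]`, findings).params);
      return { params: out, findings };
    }
    default:
      return { params, findings }; // number, boolean, select, ...: pass through
  }
}

// Constructed sample (not from the advisory): plain-text fields carrying tags.
const SEMANTICS = { type: 'group', fields: [
  { name: 'title', type: 'text' },
  { name: 'body', type: 'text', widget: 'html', tags: ['p', 'strong'] },
  { name: 'items', type: 'list', field: { name: 'item', type: 'text' } },
] };
const PARAMS = { title: 'Week 1 <b>quiz</b>', body: '<p>Hello <strong>there</strong></p>', items: ['plain', '<script>x</script>'] };

function auditSample() { return sanitizeParams(PARAMS, SEMANTICS); }
console.log(JSON.stringify(auditSample(), null, 2));
```

Running this on uploaded content.json parameters before they are stored gives both a hardened copy and a list of fields worth logging or alerting on.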

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 1.7
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.