Security Advisory

CVE-2025-1076

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-06 13:33:07

Last updated 2025-02-13 13:47:45

Assigner INCIBE

State PUBLISHED

Description

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality.

← Browse all CVEs View on cve.org ↗