HTML Sanitization Flaw in Lumi H5P-Nodejs-library
CVE-2025-47828

6.4MEDIUM

Key Information:

Vendor

Lumi

Status
H5p-nodejs-library
Vendor
CVE Published:
11 May 2025

What is CVE-2025-47828?

The H5P-Nodejs-library from Lumi Education, prior to version 9.3.3, has a notable omission of the sanitizeHtml function for plain text strings. This vulnerability may allow unintended HTML content to be processed, potentially leading to security concerns such as cross-site scripting (XSS) attacks. It's essential for users to update to the latest version to mitigate any risks associated with this oversight.

Affected Version(s)

H5P-Nodejs-library 0 < 9.3.3

References

https://github.com/Lumieducation/H5P-Nodejs-library/compa...
https://github.com/Lumieducation/H5P-Nodejs-library/pull/...

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-47828 : HTML Sanitization Flaw in Lumi H5P-Nodejs-library