HTML Sanitization Flaw in Lumi H5P-Nodejs-library
CVE-2025-47828

6.4MEDIUM

Key Information:

Vendor: Lumi
Status: H5p-nodejs-library
Vendor: CVE Published:; 11 May 2025

What is CVE-2025-47828?

The H5P-Nodejs-library from Lumi Education, prior to version 9.3.3, has a notable omission of the sanitizeHtml function for plain text strings. This vulnerability may allow unintended HTML content to be processed, potentially leading to security concerns such as cross-site scripting (XSS) attacks. It's essential for users to update to the latest version to mitigate any risks associated with this oversight.

Affected Version(s)

H5P-Nodejs-library 0 < 9.3.3

References

https://github.com/Lumieducation/H5P-Nodejs-library/compa...

https://github.com/Lumieducation/H5P-Nodejs-library/pull/...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2025
Vulnerability Reserved
May 11, 2025