CVE-2025-23522
CVSS 3.1 Score: 7.1 of 10 (high)
Attack Complexity: low
Scope: changed
Confidentiality: low
Integrity: low
Availability: low
Privileges Required: none
Details
Published: Jan 24, 2025
CWE ID: 79
Summary
CVE-2025-23522 is a cross-site scripting (XSS) vulnerability in the HM Portfolio software from humanmade, developed by Joe Hoyle, Tom Wilmott, and Matthew Haines-Young. The issue stems from improper neutralization of user input during web page generation, which permits reflected XSS. It affects HM Portfolio versions from n/a through 1.1.1 and could allow attackers to inject malicious scripts into a user's browser when the user visits a specially crafted webpage.