CVE-2025-8101

High CVSS 8.8

Overview

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2.

CWE: CWE-1321 Published: 2025-07-25T22:15:25.620

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.8 (HIGH)
Detected tags: proto_pollution, xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags