Nixpkgs security tracker

Untriaged

Permalink CVE-2025-62951

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 2 months, 3 weeks ago

WordPress Interactive Content – H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icc0rz Interactive Content – H5P h5p allows Stored XSS.This issue affects Interactive Content – H5P: from n/a through <= 1.16.0.

References

Affected products

h5p

=<<= 1.16.0

Matching in nixpkgs

pkgs.python312Packages.h5py

Pythonic interface to the HDF5 binary data format

nixos-unstable h5py-3.13.0
- nixpkgs-unstable h5py-3.13.0
- nixos-unstable-small h5py-3.13.0
nixos-25.11 h5py-3.14.0
- nixpkgs-25.11-darwin h5py-3.14.0

pkgs.python313Packages.h5py

Pythonic interface to the HDF5 binary data format

nixos-unstable h5py-3.13.0
- nixpkgs-unstable h5py-3.13.0
- nixos-unstable-small h5py-3.13.0
nixos-25.11 h5py-3.14.0
- nixpkgs-25.11-darwin h5py-3.14.0

pkgs.tests.fetchpatch.simple

None

nixos-25.11 h5pv0p3j20qc
- nixpkgs-25.11-darwin h5pv0p3j20qc

pkgs.python312Packages.h5py-mpi

Pythonic interface to the HDF5 binary data format

nixos-unstable h5py-3.13.0
- nixpkgs-unstable h5py-3.13.0
- nixos-unstable-small h5py-3.13.0
nixos-25.11 h5py-3.14.0
- nixpkgs-25.11-darwin h5py-3.14.0

pkgs.python313Packages.h5py-mpi

Pythonic interface to the HDF5 binary data format

nixos-unstable h5py-3.13.0
- nixpkgs-unstable h5py-3.13.0
- nixos-unstable-small h5py-3.13.0
nixos-25.11 h5py-3.14.0
- nixpkgs-25.11-darwin h5py-3.14.0