QwikSec

Security Database

CVE

CWE

Training

CVE-2025-8101

Published: Jul 25, 2025

Modified: Dec 3, 2025

PUBLISHED

Description

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2.

Vendor	Product	Versions
Linkify	Linkify	affected `4.3.1 - < 4.3.2`

Weaknesses (CWE)

References

https://fluidattacks.com/advisories/charly

third-party-advisory

https://github.com/nfrasser/linkifyjs

product

https://www.npmjs.com/package/linkifyjs

product

https://github.com/nfrasser/linkifyjs/releases/tag/v4.3.2

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.