CVE-2025-1076

A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable name and icon parameters of the Activities functionality.