CVE-2025-48051

Published May 15th, 2025

View on NVD ↗

CVSS v3

4.7

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML.

lichess-org/lila

♞ lichess.org: the forever free, adless and open source chess server ♞

GitHub

18.3K