PT-2026-3106 · Unknown · Sparkyfitness

Published 2026-01-15 · Updated 2026-01-17 · CVE-2025-65368

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SparkyFitness version 0.15.8.2

Description

SparkyFitness is susceptible to Cross-Site Scripting (XSS) attacks. The issue stems from improper handling of user input and output from Large Language Models (LLMs). This allows for the injection of malicious scripts into web pages viewed by other users.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing all user input and LLM output before rendering it in web pages.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-65368
GHSA-J7X6-6678-2XQP

Affected Products

Sparkyfitness