A cross-site scripting vulnerability exists in HTMLy version 2.8.1, which originates in the “description” field of the admin/config and index.php pages. The vulnerability can be exploited to execute malicious code, tamper with the page to conduct phishing attacks, and trick users into logging in again and then obtaining their login credentials.
CPE | Name | Operator | Version |
---|---|---|---|
htmly htmly | eq | 2.8.1 |