A cross-site scripting vulnerability exists in HTMLy version 2.8.1, which stems from the presence of a “copyright” field in the /admin/config page. The vulnerability can be exploited to execute malicious code, tamper with the page to conduct phishing attacks, and trick users into logging in again and then obtaining their login credentials.
CPE | Name | Operator | Version |
---|---|---|---|
htmly htmly | eq | 2.8.1 |