2 matches found
CVE-2026-45233
The CVE details a path traversal in HTMLy CMS (up to version 3.1.1) where an authenticated, low-privilege user can relocate arbitrary files via the admin autosave endpoint. The root cause is unsanitized directory traversal sequences passed to file_exists() and rename() in admin.php without canoni...
HTMLy Cross Site Scripting
A cross site scripting vulnerability exists in HTMLy CMS. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...