148 matches found

Vulnrichment
added 2022/03/29 5:50 a.m., 7 views

CVE-2022-1087 htmly Edit Profile Module cross site scripting

A vulnerability, which was classified as problematic, has been found in htmly 5.3 which affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A...

3.5 CVSS, 5.5 AI score, 0.00316 EPSS
Exploits: 1, References: 3
CVE
added 2022/03/29 5:50 a.m., 67 views

CVE-2022-1087

CVE-2022-1087 affects htmly 5.3, specifically the Edit Profile Module. The vulnerability enables persistent cross-site scripting by manipulating the Title field with script tags. Exploitation is remote and requires authentication; a POC has been publicly disclosed. Multiple connected sources corr...

5.4 CVSS, 4.5 AI score, 0.00316 EPSS
Exploits: 1, References: 3, Affected Software: 1
CNNVD
added 2022/03/29 12:0 a.m., 2 views

htmly Cross-Site Scripting Vulnerability

HTMLy is a PHP-based open source blogging platform. A security vulnerability exists in the Edit Profile Module of htmly version 5.3, which can lead to persistent cross-site scripting attacks...

5.4 CVSS, 5.4 AI score, 0.00316 EPSS
Exploits: 1, References: 4
CNVD
added 2022/03/03 12:0 a.m., 20 views

Htmly Cross-Site Scripting Vulnerability (CNVD-2022-73492)

Htmly is a PHP-based blogging platform. Version 2.8.1 of Htmly is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload in the blog post content field...

3.5 CVSS, 3.3 AI score, 0.00688 EPSS
Exploits: 1, Affected Software: 1
ATTACKERKB
added 2022/03/01 2:15 a.m., 3 views

CVE-2022-25022

A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post...

5.4 CVSS, 5.8 AI score, 0.00688 EPSS
Exploits: 1, References: 6
NVD
added 2022/03/01 2:15 a.m., 12 views

CVE-2022-25022

A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post...

5.4 CVSS, 0.00688 EPSS
Exploits: 1, References: 5
Prion
added 2022/03/01 2:15 a.m., 14 views

Cross site scripting

A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post...

3.5 CVSS, 5.1 AI score, 0.00688 EPSS
Exploits: 2, References: 5, Affected Software: 1
Cvelist
added 2022/03/01 1:27 a.m., 14 views

CVE-2022-25022

A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post...

5.3 AI score, 0.00688 EPSS
Exploits: 1, References: 5
CVE
added 2022/03/01 1:27 a.m., 80 views

CVE-2022-25022

CVE-2022-25022 is a cross-site scripting (XSS) vulnerability in Htmly v2.8.1 where an attacker can inject arbitrary HTML/script via the blog post content field. Multiple connected records (including Red Hat, CNVD, OSV, and CNVD-style entries) corroborate this issue with consistent description: vu...

5.4 CVSS, 5.3 AI score, 0.00688 EPSS
Exploits: 1, References: 5, Affected Software: 1
CNNVD
added 2022/03/01 12:0 a.m., 2 views

HTMLy Cross-Site Scripting Vulnerability

Htmly is a PHP-based blogging platform. Version 2.8.1 of Htmly is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload in the blog post content field...

6.1 CVSS, 5.8 AI score, 0.00688 EPSS
Exploits: 2, References: 6
CNVD
added 2021/08/05 12:0 a.m., 15 views

HTMLy Cross-Site Scripting Vulnerability (CNVD-2021-94954)

htmly is a simple and fast database-free PHP blogging platform and flat file CMS. In htmly version 2.8.1, the "content" field of the "regular post" page in the "add content" menu of the dashboard is vulnerable to a stored...

6.1 CVSS, 0.3 AI score, 0.00196 EPSS
Exploits: 1, References: 1
NVD
added 2021/08/03 7:15 p.m., 11 views

CVE-2021-36703

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a stored cross-site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated HTTP POST request to admin/config and inject arbitrary web script or HTML through a special website...

6.1 CVSS, 0.00222 EPSS
Exploits: 1, References: 1
OSV
added 2021/08/03 7:15 p.m., 20 views

CVE-2021-36702

The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a stored cross-site scripting (XSS) vulnerability. It allows remote attackers to send authenticated HTTP POST requests to add/content and inject arbitrary web scripts or HTML through...

6.1 CVSS, 5.7 AI score
Exploits: 0, References: 1
OSV
added 2021/08/03 7:15 p.m., 17 views

CVE-2021-36703

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a stored cross-site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated HTTP POST request to admin/config and inject arbitrary web script or HTML through a special website...

6.1 CVSS, 5.6 AI score
Exploits: 0, References: 1
NVD
added 2021/08/03 7:15 p.m., 13 views

CVE-2021-36701

htmly version 2.8.1 is vulnerable to arbitrary file deletion on the local host when deleting backup files. The vulnerability may allow a remote attacker to delete arbitrary known files on the host...

9.1 CVSS, 0.00872 EPSS
Exploits: 1, References: 1
Prion
added 2021/08/03 7:15 p.m., 11 views

Cross site scripting

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a stored cross-site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated HTTP POST request to admin/config and inject arbitrary web script or HTML through a special website...

4.3 CVSS, 5.9 AI score, 0.00222 EPSS
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2021/08/03 7:15 p.m., 9 views

Arbitrary file deletion

htmly version 2.8.1 is vulnerable to arbitrary file deletion on the local host when deleting backup files. The vulnerability may allow a remote attacker to delete arbitrary known files on the host...

6.4 CVSS, 8.9 AI score, 0.00872 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2021/08/03 6:3 p.m., 51 views

CVE-2021-36703

CVE-2021-36703 concerns Htmly 2.8.1. The vulnerability is a stored XSS in the blog title field on the Settings/config page of the dashboard, allowing an authenticated attacker to submit a crafted website name via an HTTP POST to admin/config and inject arbitrary script/HTML. Multiple connected s...

6.1 CVSS, 5.9 AI score, 0.00222 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/08/03 6:3 p.m., 13 views

CVE-2021-36703

The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a stored cross-site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated HTTP POST request to admin/config and inject arbitrary web script or HTML through a special website...

6.1 AI score, 0.00222 EPSS
Exploits: 1, References: 1
Cvelist
added 2021/08/03 6:3 p.m., 16 views

CVE-2021-36702

The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a stored cross-site scripting (XSS) vulnerability. It allows remote attackers to send authenticated HTTP POST requests to add/content and inject arbitrary web scripts or HTML through...

6.1 AI score, 0.00196 EPSS
Exploits: 1, References: 1