148 matches found
CVE-2021-36702
CVE-2021-36702 affects htmly 2.8.1. The vulnerability is a stored XSS in the content field of the “regular post” → “add content” page in the dashboard. It allows an attacker who can issue authenticated POST requests to add/content to inject arbitrary HTML/scripts, enabling cross-site script exec...
CVE-2021-36701
CVE-2021-36701 affects htmly version 2.8.1. The issue enables arbitrary file deletion on the local host when deleting backup files, potentially allowing a remote attacker to delete arbitrary known files on the host. The available descriptions consistently state the vulnerable component and the im...
CVE-2021-36701
htmly version 2.8.1 is vulnerable to arbitrary file deletion on the local host when deleting backup files. The vulnerability may allow a remote attacker to delete arbitrary known files on the host...
htmly Cross-Site Scripting Vulnerability
htmly is a simple and fast database-free PHP blogging platform and flat file CMS. In htmly version 2.8.1, the "content" field of the "regular post" page in the "add content" menu of the dashboard is vulnerable to a stored...
htmly Security Vulnerability
HTMLy is a PHP-based open source blogging platform. htmly version 2.8.1 is vulnerable to arbitrary file deletion on the local host when deleting backup files. The vulnerability could allow a remote attacker to delete arbitrar...
HTMLy Cross-Site Scripting Vulnerability
HTMLy is a PHP-based open source blogging platform. A cross-site scripting vulnerability exists in htmly version 2.8.1, which can be exploited by remote attackers to send an authenticated POST request to admin/config and inject arbitrary web script or HTML...
CVE-2020-23766
An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges...
Arbitrary file deletion
An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges...
CVE-2020-23766
CVE-2020-23766 affects htmly v2.7.5. A path-traversal-like vulnerability lets a remote attacker with Administrator privileges delete arbitrary files on the server by supplying an absolute path. The impact is deletion with potential partial integrity and availability effects, per provided referenc...
HTMLy Path Traversal Vulnerability
HTMLy is a PHP-based open source blogging platform. A path traversal vulnerability exists in htmly version v2.7.5 that allows a remote attacker with administrator privileges to delete any file on the server using any absolute path...
htmly 2.8.0 Cross Site Scripting
Exploit Title: htmly 2.8.0 allows stored XSS Authors: @nu11secur1ty & G.Dzhankushev Date: 04.15.2021 Vendor: htmly Link: https://github.com/danpros/htmly CVE: CVE-2021-30637 Exploit Source: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-26929 Exploit Program Code #!/usr/bin/python3...
htmly 2.8.0 Cross Site Scripting Exploit
Exploit Title: htmly 2.8.0 allows stored XSS Authors: @nu11secur1ty & G.Dzhankushev Date: 04.15.2021 Vendor: htmly Link: https://github.com/danpros/htmly CVE: CVE-2021-30637 Software Link: https://github.com/danpros/htmly Video: https://www.youtube.com/watch?v=xKRQZYqVlS4 Steps to Reproduce:...
htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS)
Exploit Title: htmly 2.8.0 - 'description' Stored Cross-Site Scripting (XSS) Authors: @nu11secur1ty & G.Dzhankushev Date: 04.15.2021 Vendor Homepage: https://www.htmly.com/ Software Link: https://github.com/danpros/htmly CVE: CVE-2021-30637 #!/usr/bin/python3 from selenium import webdriver from...
CVE-2021-30637
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php...
Cross site scripting
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php...
CVE-2021-30637
CVE-2021-30637 affects htmly 2.8.0, allowing stored XSS via the blog title, Tagline, or Description submitted to config.html.php. The root cause is unescaped user input stored and later reflected, enabling script execution in affected pages. Public writeups and exploits exist (e.g., PacketStorm/E...