148 matches found
EUVD-2021-29822
Malicious code in bioql PyPI...
EUVD-2025-30369
Malicious code in bioql PyPI...
EUVD-2024-34674
Malicious code in bioql PyPI...
EUVD-2021-29901
Malicious code in bioql PyPI...
EUVD-2021-27469
Malicious code in bioql PyPI...
CVE-2025-56154
htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads...
PT-2025-40403
Name of the Vulnerable Software and Affected Versions: htmly version 3.0.8. Description: The application is susceptible to Cross Site Scripting (XSS) due to insufficient sanitization of user-supplied input. Specifically, the /author/:name API endpoint does not properly sanitize the name parameter befo...
HTMLy security vulnerability
HTMLy is an open-source, PHP-based blogging platform. A security vulnerability exists in HTMLy version 3.0.8, which stems from improper sanitization of the name parameter and could lead to cross-site scripting attacks...
CVE-2025-56154
htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint. The name parameter is not properly sanitized before being reflected in the HTML response, enabling injection of arbitrary JavaScript. The CVE description confirms the affected software and the vulnerability locatio...
CVE-2025-10758
A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulation of the argument label leads to cross site scripting. The attack can be launched remotely. The...
CVE-2025-10758 htmly Custom Field post cross site scripting
A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulation of the argument label leads to cross site scripting. The attack can be launched remotely. The...
CVE-2025-10758
CVE-2025-10758 affects htmly up to 3.1.0, specifically the Custom Field Handler’s file /htmly/admin/field/post. A vulnerability arises from manipulation of the label argument in an unknown function, enabling cross-site scripting (XSS). The issue can be triggered remotely and exploit details have ...
PT-2025-38647
Name of the Vulnerable Software and Affected Versions: htmly versions up to 3.1.0. Description: A security issue has been identified in htmly. Manipulation of the label argument in an unknown function within the file /htmly/admin/field/post of the Custom Field Handler component can lead to cross-sit...