CVE-2024-30953

A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...

CVE-2024-30953

CVE-2024-30953 is a stored XSS in Htmly v2.9.5, exploitable via a crafted payload injected into the Link Name parameter of the Menu Editor. Affected component: Menu Editor in Htmly 2.9.5; root cause is insufficient sanitization of the Link Name input, enabling arbitrary script execution in the vi...

HTMLy 安全漏洞

HTMLy is a PHP-based open source blogging platform. A security vulnerability exists in HTMLy version v2.9.5, which stems from the presence of a stored cross-site scripting XSS vulnerability. An attacker can exploit the vulnerability to execute arbitrary web script or HTML code by injecting a...

PT-2024-23690 · Htmly · Htmly

Name of the Vulnerable Software and Affected Versions: Htmly version 2.9.5 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of the Menu Editor module. Recommendations: For Htm...

CVE-2024-30953

A stored cross-site scripting XSS vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link Name parameter of Menu Editor module...

HTMLy Version v2.9.6 - Stored XSS Vulnerability

Exploit Title: HTMLy Version v2.9.6 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.htmly.com/ Version 3.10.8.21 Date : 04/08/2024 1 Login admin https://127.0.0.1/HTMLy/admin/config 2 General Setting Blog title " 3 After save it you will be see XSS alert...

HTMLy Version v2.9.6 - Stored XSS

Exploit Title: HTMLy Version v2.9.6 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.htmly.com/ Version 3.10.8.21 Date : 04/08/2024 1 Login admin https://127.0.0.1/HTMLy/admin/config 2 General Setting Blog title " 3 After save it you will be see XSS alert...

HTMLy 2.9.6 Cross Site Scripting

Exploit Title: HTMLy Version : 2.9.6 - Stored XSS Exploit Author: tmrswrr Vendor Homepage: https://www.htmly.com/ Version 3.10.8.21 Date : 04/08/2024 1 Login admin https://127.0.0.1/HTMLy/admin/config 2 General Setting Blog title " 3 After save it you will be see xss alert...

CVE-2021-33354

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

CVE-2021-33354

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

Directory traversal

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

CVE-2021-33354

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

CVE-2021-33354

The CVE-2021-33354 issue affects htmly prior to 2.8.1 and is a Directory Traversal vulnerability that allows remote attackers to delete arbitrary files via a modified file parameter. The root cause is improper validation of the file parameter, enabling access to files outside the intended directo...

CVE-2021-33354

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...

PT-2022-10230 · Htmly · Htmly

Name of the Vulnerable Software and Affected Versions: htmly versions prior to 2.8.1 Description: The issue allows remote attackers to perform arbitrary file deletions via a modified file parameter. This is a Directory Traversal vulnerability, which enables attackers to access files outside the...

HTMLy 路径遍历漏洞

HTMLy is a PHP-based open source blogging platform. A path traversal vulnerability exists in HTMLy versions prior to 2.8.1. A remote attacker can exploit this vulnerability to delete arbitrary files with the help of modified file parameters...

CVE-2021-40285

htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php...

Arbitrary file deletion

htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php...

CVE-2021-40285

htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php...

CVE-2021-40285

htmly v2.8.1 contains an arbitrary file deletion vulnerability in the component \views\backup.html.php. Affected software: htmly 2.8.1. Root cause: arbitrary file deletion via the backup page component. Impact per CVSS: I and A HIGH, with availability impact also HIGH (per NVD metrics). Exploitat...