2 matches found
CVE-2021-36702
The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through...
CVE-2021-36702
CVE-2021-36702 affects htmly 2.8.1. The vulnerability is a stored XSS in the content field of the ”regular post” → “add content” page in the dashboard. It allows an attacker who can issue authenticated POST requests to add/content to inject arbitrary HTML/ scripts, enabling cross-site script exec...