16 matches found
EUVD-2021-23298
Malware in sbrugna...
EUVD-2022-29768
Malicious code in bioql PyPI...
CVE-2021-33354
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
Directory traversal
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
CVE-2021-42946
A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...
CVE-2021-42867
A Cross Site Scripting XSS vulnerability exists in DanPros htmly 2.8.1 via the Description field in 1 admin/config, and 2 index.php pages...
Cross site scripting
A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...
Cross site scripting
A Cross Site Scripting XSS vulnerability exists in DanPros htmly 2.8.1 via the Description field in 1 admin/config, and 2 index.php pages...
CVE-2021-42946
A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...
CVE-2021-42946
CVE-2021-42946 describes a Cross Site Scripting (XSS) vulnerability in HTMLy 2.8.1 that can be triggered through the “copyright” field on the /admin/config page. The connected sources confirm the affected product and location of the vulnerability, but do not provide explicit details on root cause...
CVE-2021-36703
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...
CVE-2021-36702
The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through...
CVE-2021-36703
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...
Cross site scripting
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website...
CVE-2021-36702
The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting XSS vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through...
CVE-2021-36702
CVE-2021-36702 affects htmly 2.8.1. The vulnerability is a stored XSS in the content field of the ”regular post” → “add content” page in the dashboard. It allows an attacker who can issue authenticated POST requests to add/content to inject arbitrary HTML/ scripts, enabling cross-site script exec...