156 matches found
CVE-2021-33354
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter...
HTMLy 路径遍历漏洞
HTMLy is a PHP-based open source blogging platform. A path traversal vulnerability exists in HTMLy versions prior to 2.8.1. A remote attacker can exploit this vulnerability to delete arbitrary files with the help of modified file parameters...
PT-2022-10230 · Htmly · Htmly
Name of the Vulnerable Software and Affected Versions: htmly versions prior to 2.8.1 Description: The issue allows remote attackers to perform arbitrary file deletions via a modified file parameter. This is a Directory Traversal vulnerability, which enables attackers to access files outside the...
CVE-2021-40285
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php...
Arbitrary file deletion
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php...
CVE-2021-40285
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php...
CVE-2021-40285
htmly v2.8.1 contains an arbitrary file deletion vulnerability in the component \views\backup.html.php. Affected software: htmly 2.8.1. Root cause: arbitrary file deletion via the backup page component. Impact per CVSS: I and A HIGH, with availability impact also HIGH (per NVD metrics). Exploitat...
PT-2022-11210 · Htmly · Htmly
Name of the Vulnerable Software and Affected Versions: htmly version 2.8.1 Description: The issue is related to an arbitrary file deletion vulnerability. It affects the component viewsbackup.html.php. There is no information provided about the estimated number of potentially affected devices...
HTMLy 路径遍历漏洞
HTMLy is a PHP-based open source blogging platform. HTMLy v2.8.1 version of a path traversal vulnerability, the vulnerability stems from the presence of arbitrary file deletion in its viewsackup.html.php component...
HTMLy cross-site scripting vulnerability (CNVD-2022-82257)
HTMLy is an open source database-free PHP blogging platform. A cross-site scripting vulnerability exists in HTMLy version 2.8.1, which originates from the presence of the "copyright" field in the /admin/config page. The vulnerability can be exploited to execute malicious code, manipulate pages to...
HTMLy cross-site scripting vulnerability (CNVD-2022-82256)
HTMLy is an open source database-free PHP blogging platform. A cross-site scripting vulnerability exists in HTMLy version 2.8.1, which originates from the "description" field in the admin/config and index.php pages. The vulnerability can be exploited to execute malicious code, manipulate pages to...
CVE-2021-42946
A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...
CVE-2021-42946
A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...
CVE-2021-42946
A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...
CVE-2021-42867
A Cross Site Scripting XSS vulnerability exists in DanPros htmly 2.8.1 via the Description field in 1 admin/config, and 2 index.php pages...
CVE-2021-42867
A Cross Site Scripting XSS vulnerability exists in DanPros htmly 2.8.1 via the Description field in 1 admin/config, and 2 index.php pages...
Cross site scripting
A Cross Site Scripting XSS vulnerability exists in DanPros htmly 2.8.1 via the Description field in 1 admin/config, and 2 index.php pages...
Cross site scripting
A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...
CVE-2021-42946
A Cross Site Scripting XSS vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page...
CVE-2021-42946
CVE-2021-42946 describes a Cross Site Scripting (XSS) vulnerability in HTMLy 2.8.1 that can be triggered through the “copyright” field on the /admin/config page. The connected sources confirm the affected product and location of the vulnerability, but do not provide explicit details on root cause...