9 matches found
CVE-2021-40285
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php...
Arbitrary file deletion
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php...
CVE-2021-40285
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php...
CVE-2022-29773
An access control issue in aleksis/core/util/authhelpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
CVE-2022-25022
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content field of a blog post...
CVE-2022-25022
CVE-2022-25022 is a cross-site scripting (XSS) vulnerability in Htmly v2.8.1 where an attacker can inject arbitrary HTML/script via the blog post content field. Multiple connected records (including Red Hat, CNVD, OSV, and CNVD-style entries) corroborate this issue with consistent description: vu...
CVE-2021-25957
In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password...
CVE-2021-36701
htmly version 2.8.1 is vulnerable to an arbitrary file deletion on the local host when deleting backup files. The vulnerability may allow a remote attacker to delete arbitrary known files on the host...
CVE-2016-1000307
Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profiledesc, aboutme, schools, occupation, companies, hobbies, favmovies, favmusic, favbooks parameters to ProfileSettings page; (2) note...