htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.
CVSS Score
8.1
EPSS Score
0.001
Published
2022-08-26
A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-03-31
A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-03-31
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post.
CVSS Score
5.4
EPSS Score
0.006
Published
2022-03-01
The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through special content.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-03
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website name.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-08-03
In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. The vulnerability may allow a remote attacker to delete arbitrary know files on the host.
CVSS Score
9.1
EPSS Score
0.009
Published
2021-08-03