| Title | Htmly Authenticated Stored Cross-Site Scripting(XSS) |
|---|
| Description | HTMLy is an open source Databaseless Blogging Platform or Flat-File Blog prioritizes simplicity and speed written in PHP. HTMLy can be referred to as Flat-File CMS either since it will also manage your content.You do not need to use a VPS to run HTMLy, shared hosting or even free hosting should work as long as the host supports at least PHP 5.3.Htmly CMS does not filter the content correctly at the "edit profile" module, resulting in the generation of stored XSS.Add payload at the title of edit profile module (click the Save), We can see the alert. |
|---|
| Source | ⚠️ https://github.com/liaojia-99/project/tree/main/htmly |
|---|
| User | joinia (UID 24916) |
|---|
| Submission | 03/16/2022 07:31 (4 years ago) |
|---|
| Moderation | 03/16/2022 07:34 (3 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 195203 [htmly 5.3 Edit Profile Title cross site scripting] |
|---|
| Points | 20 |
|---|