| 标题 | Htmly Htmly CMS 3.1.0 Cross Site Scripting |
|---|
| 描述 | HTMLy v3.1.0 contains a stored cross-site scripting (XSS) vulnerability whereby an editor can inject malicious scripts through the label parameter within the custom fields page, resulting in the execution of arbitrary web scripts or HTML code when an administrator subsequently creates new blog posts or edits existing posts. |
|---|
| 来源 | ⚠️ https://www.notion.so/inmog/Reported-Vulnerability-XSS-Vulnerability-in-htmly-v3-1-0-2627752d1edd804fbd71f310bde44d11 |
|---|
| 用户 | inmoyang (UID 89515) |
|---|
| 提交 | 2025-09-02 16時47分 (8 月前) |
|---|
| 管理 | 2025-09-20 08時54分 (18 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 325113 [htmly 直到 3.1.0 Custom Field /htmly/admin/field/post label 跨网站脚本] |
|---|
| 积分 | 19 |
|---|