Vulnerabilities > Htmly

DATE CVE VULNERABILITY TITLE RISK
2022-09-30 CVE-2021-33354 Path Traversal vulnerability in Htmly
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter.
network
low complexity
htmly CWE-22
8.1
8.1
2022-08-26 CVE-2021-40285 Path Traversal vulnerability in Htmly 2.8.1
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.
network
low complexity
htmly CWE-22
8.1
8.1
2022-03-31 CVE-2021-42867 Cross-site Scripting vulnerability in Htmly 2.8.1
A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages.
network
low complexity
htmly CWE-79
4.8
4.8
2022-03-31 CVE-2021-42946 Cross-site Scripting vulnerability in Htmly 2.8.1
A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page.
network
low complexity
htmly CWE-79
4.8
4.8
2022-03-29 CVE-2022-1087 Cross-site Scripting vulnerability in Htmly
A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module.
network
low complexity
htmly CWE-79
5.4
5.4
2022-03-01 CVE-2022-25022 Cross-site Scripting vulnerability in Htmly 2.8.1
A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post.
network
low complexity
htmly CWE-79
5.4
5.4
2021-08-03 CVE-2021-36701 Unspecified vulnerability in Htmly 2.8.1
In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files.
network
low complexity
htmly
critical
 9.1
9.1
2021-08-03 CVE-2021-36702 Cross-site Scripting vulnerability in Htmly 2.8.1
The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability.
network
low complexity
htmly CWE-79
6.1
6.1
2021-08-03 CVE-2021-36703 Cross-site Scripting vulnerability in Htmly 2.8.1
The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability.
network
low complexity
htmly CWE-79
6.1
6.1
2021-05-21 CVE-2020-23766 Path Traversal vulnerability in Htmly 2.7.5
An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges.
network
low complexity
htmly CWE-22
6.5
6.5