CVE-2022-1087

A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
VulDBCNA
3.5 LOW
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
htmlyhtmly
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/liaojia-99/project/blob/main/htmly/1.md
https://github.com/liaojia-99/project/tree/main/htmly
https://vuldb.com/?id.195203
https://github.com/liaojia-99/project/blob/main/htmly/1.md
https://github.com/liaojia-99/project/tree/main/htmly
https://vuldb.com/?id.195203