CVE-2022-1087
LOWhtmly 5.3 - Authenticated Stored Cross-Site Scripting in Edit Profile Module
Title source: llmDescription
A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/liaojia-99/project/tree/main/htmly
Exploit, Third Party Advisory x_refsource_misc
https://github.com/liaojia-99/project/blob/main/htmly/1.md
Third Party Advisory, VDB Entry x_refsource_misc
https://vuldb.com/?id.195203
Scores
CVSS v3
3.5
EPSS
0.0092
EPSS Percentile
55.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
htmly/htmly
Published
Mar 29, 2022
Tracked Since
Feb 18, 2026