CVE-2022-1087

A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used.
References
Link Resource
https://github.com/liaojia-99/project/blob/main/htmly/1.md Exploit Third Party Advisory
https://github.com/liaojia-99/project/tree/main/htmly Exploit Third Party Advisory
https://vuldb.com/?id.195203 Third Party Advisory VDB Entry
https://github.com/liaojia-99/project/blob/main/htmly/1.md Exploit Third Party Advisory
https://github.com/liaojia-99/project/tree/main/htmly Exploit Third Party Advisory
https://vuldb.com/?id.195203 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:htmly:htmly:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:40

Type Values Removed Values Added
CVSS v2 : 3.5
v3 : 5.4
v2 : 3.5
v3 : 3.5
References () https://github.com/liaojia-99/project/blob/main/htmly/1.md - Exploit, Third Party Advisory () https://github.com/liaojia-99/project/blob/main/htmly/1.md - Exploit, Third Party Advisory
References () https://github.com/liaojia-99/project/tree/main/htmly - Exploit, Third Party Advisory () https://github.com/liaojia-99/project/tree/main/htmly - Exploit, Third Party Advisory
References () https://vuldb.com/?id.195203 - Third Party Advisory, VDB Entry () https://vuldb.com/?id.195203 - Third Party Advisory, VDB Entry

05 Apr 2022, 23:49

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 5.4
References (MISC) https://vuldb.com/?id.195203 - (MISC) https://vuldb.com/?id.195203 - Third Party Advisory, VDB Entry
References (MISC) https://github.com/liaojia-99/project/blob/main/htmly/1.md - (MISC) https://github.com/liaojia-99/project/blob/main/htmly/1.md - Exploit, Third Party Advisory
References (MISC) https://github.com/liaojia-99/project/tree/main/htmly - (MISC) https://github.com/liaojia-99/project/tree/main/htmly - Exploit, Third Party Advisory
CPE cpe:2.3:a:htmly:htmly:-:*:*:*:*:*:*:*

29 Mar 2022, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-29 06:15

Updated : 2024-11-21 06:40


NVD link : CVE-2022-1087

Mitre link : CVE-2022-1087

CVE.ORG link : CVE-2022-1087


JSON object : View

Products Affected

htmly

  • htmly
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')