The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote malicious users to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through special content.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
htmly htmly 2.8.1 |