
Htmly Authenticated Stored Cross-Site Scripting (XSS)

Description

Htmly CMS does not correctly filter content submitted through the "edit profile" module, which results in stored XSS.

Affected CMS

Htmly CMS

https://github.com/danpros/htmly/

Author

webraybtl@webray.com.cn inc

Proof of Concept

Add the payload to the title field of the edit profile module and click Save. We can then see the alert.

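One way to close this class of bug is to encode the profile title whenever it is written into a page. The code below is an added example, not Htmly's code and not part of the original advisory; the function names, the markup and the sample title are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not Htmly's own functions.

// Input handling on save: strip control characters and cap the length.
// This limits what gets stored but is NOT the XSS defence on its own.
function normalize_profile_title(string $raw, int $maxLen = 120): string
{
    $title = preg_replace('/[\x00-\x1F\x7F]/u', '', $raw) ?? '';
    return mb_substr(trim($title), 0, $maxLen, 'UTF-8');
}

// Vulnerable pattern: the stored value is concatenated into HTML unchanged.
function render_profile_title_unsafe(string $stored): string
{
    return '<h2 class="title">' . $stored . '</h2>';
}

// Output encoding for HTML text and quoted attribute contexts.
// ENT_QUOTES encodes both quote types, so the value cannot leave an attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: encode at output time, in every place the title is used.
function render_profile_title(string $stored): string
{
    return '<h2 class="title" title="' . e($stored) . '">' . e($stored) . '</h2>';
}

// Constructed sample standing in for a title saved via "edit profile".
$stored = normalize_profile_title('<script>alert(1)</script>');

$unsafe = render_profile_title_unsafe($stored);
$safe   = render_profile_title($stored);

// Self-check: the unsafe markup keeps a live element, the encoded one does not.
if (strpos($unsafe, '<script>') === false
    || strpos($safe, '<script>') !== false
    || strpos($safe, '&lt;script&gt;') === false) {
    throw new RuntimeException('unexpected rendering result');
}

echo $unsafe, PHP_EOL, $safe, PHP_EOL;
```

Because the value is stored, records saved before a fix are still rendered, so the encoding has to happen at output rather than only at save time.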