Fuzz7Jop

**Name of the Vulnerable Software and Affected Versions** htmly version 2.8.1 **Description** The issue allows a remote attacker to delete arbitrary known files on the local host when deleting backup files, due to an Arbitrary File Deletion vulnerability. **Recommendations** For htmly version 2.8.1, consider restricting access to the backup file deletion functionality until a fix is available. As a temporary workaround, avoid using the delete backup files feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** htmly version 2.8.1 **Description** The issue concerns a storage cross site scripting (XSS) vulnerability in the "blog title" field of the "Settings" menu "config" page in the "dashboard". This vulnerability allows remote attackers to send an authenticated POST HTTP request to the "admin/config" endpoint and inject arbitrary web script or HTML through a special website name. **Recommendations** For htmly version 2.8.1, consider restricting access to the "admin/config" endpoint until a patch is available. As a temporary workaround, avoid using the "blog title" field in the "Settings" menu "config" page of the "dashboard" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.