CVE-2021-30637

Name of the Vulnerable Software and Affected Versions htmly version 2.8.0

Description The issue allows stored XSS via the blog title, Tagline, or Description to config.html.php. This can be exploited to inject malicious scripts into the application.

Recommendations For htmly version 2.8.0, as a temporary workaround, consider validating and sanitizing user input for the blog title, Tagline, and Description fields to prevent XSS attacks. Restrict access to the config.html.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.