CVE-2021-36702

Name of the Vulnerable Software and Affected Versions htmly version 2.8.1

Description The issue concerns a storage cross-site scripting (XSS) vulnerability in the "content" field of the "regular post" page under the "add content" menu in the "dashboard". This vulnerability allows remote attackers to send authenticated POST-HTTP requests to add content and inject arbitrary web scripts or HTML through special content.

Recommendations For htmly version 2.8.1, consider disabling the "content" field in the "regular post" page until a patch is available to prevent exploitation of the storage XSS vulnerability. Restrict access to the "add content" menu under the "dashboard" to minimize the risk of arbitrary web script or HTML injection. Avoid using the "content" field in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.