CVE-2022-1087

Name of the Vulnerable Software and Affected Versions htmly version 5.3

Description A problematic issue has been found in the Edit Profile Module component. The manipulation of the Title field with script tags leads to persistent cross-site scripting. The attack can be initiated remotely and requires authentication. A simple proof of concept has been disclosed to the public.

Recommendations For htmly version 5.3, consider restricting the use of the Title field in the Edit Profile Module until a patch is available. As a temporary workaround, avoid using script tags in the Title field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.