PT-2025-40403 · Htmly · Htmly

Akinerkisa · Published 2025-10-02 · Updated 2026-01-20 · CVE-2025-56154

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

htmly version 3.0.8

Description

The application is susceptible to Cross-Site Scripting (XSS) due to insufficient sanitization of user-supplied input. Specifically, the /author/:name API endpoint does not properly sanitize the name parameter before reflecting it in the HTML response. This allows attackers to inject arbitrary JavaScript payloads.

Recommendations

Apply proper input sanitization to the name parameter in the /author/:name endpoint.
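
The flaw and the recommended fix, sketched as an added example that is not htmly's own code: hypothetical PHP handlers for the /author/:name route, showing the name segment reflected raw and then validated and HTML-encoded on output. The function names, the markup and the slug allowlist are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist for author names; htmly's real username rules may differ.
const AUTHOR_SLUG_PATTERN = '/\A[A-Za-z0-9_-]{1,64}\z/';

/** HTML-encode a value for element content or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable pattern: the route segment is concatenated into markup unchanged. */
function render_author_unsafe(string $rawSegment): string
{
    return '<h1>Posts by ' . rawurldecode($rawSegment) . '</h1>';
}

/**
 * Hardened pattern: reject names outside the allowlist, and still encode
 * on output so the page stays safe if the allowlist is later relaxed.
 * Returns [HTTP status, HTML body].
 */
function render_author_safe(string $rawSegment): array
{
    $name = rawurldecode($rawSegment);
    if (preg_match(AUTHOR_SLUG_PATTERN, $name) !== 1) {
        // The error page must not echo the rejected value back either.
        return [404, '<h1>Author not found</h1>'];
    }
    return [200, '<h1>Posts by ' . e($name) . '</h1>'];
}

// Constructed route segments: one valid name, two containing markup characters.
$samples = ['admin', '%3Cb%3Ex%3C%2Fb%3E', 'a%22b'];

foreach ($samples as $segment) {
    [$status, $body] = render_author_safe($segment);
    echo "segment:  {$segment}\n";
    echo "unsafe:   " . render_author_unsafe($segment) . "\n";
    echo "safe:     {$status} {$body}\n";
    // Encoding alone, for templates that must display arbitrary names.
    echo "encoded:  " . e(rawurldecode($segment)) . "\n\n";
}
```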

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-56154

Affected Products

Htmly