Storage Cross Site Scripting (XSS) Vulnerability in Content Field of Regular Post Page in htmly 2.8.1

Storage Cross Site Scripting (XSS) Vulnerability in Content Field of Regular Post Page in htmly 2.8.1

CVE-2021-36702 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through special content.

Learn more about our Web App Pen Testing.