Every CVE whose affected-product data names Htmly, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2021-36701 — CVSS 9.1 (critical): In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on the local host when delete backup files. The vulnerability may allow…
CVE-2021-40285 — CVSS 8.1 (high): htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.
CVE-2021-33354 — CVSS 8.1 (high): Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file…
CVE-2020-23766 — CVSS 6.5 (medium): An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete…
CVE-2024-34191 — CVSS 6.5 (medium): htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This…
CVE-2019-8349 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the…
CVE-2021-36702 — CVSS 6.1 (medium): The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site…
CVE-2021-36703 — CVSS 6.1 (medium): The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS)…
CVE-2024-30953 — CVSS 6.1 (medium): A stored cross-site scripting (XSS) vulnerability in Htmly v2.9.5 allows attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2025-56154 — CVSS 6.1 (medium): htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is…
CVE-2022-25022 — CVSS 5.4 (medium): A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in…
CVE-2021-42867 — CVSS 4.8 (medium): A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php…
CVE-2021-42946 — CVSS 4.8 (medium): A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page.
CVE-2022-1087 — CVSS 3.5 (low): A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The…
CVE-2025-10758 — CVSS 2.4 (low): A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file…