CVE-2022-1087: htmly Edit Profile Module cross site scripting
First published: Tue Mar 29 2022(Updated: )
A vulnerability, which was classified as problematic, has been found in htmly 5.3 whis affects the component Edit Profile Module. The manipulation of the field Title with script tags leads to persistent cross site scripting. The attack may be initiated remotely and requires an authentication. A simple POC has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Htmly |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-1087?
CVE-2022-1087 is a vulnerability found in htmly 5.3 affecting the Edit Profile Module, which allows for persistent cross-site scripting.
What is the severity of CVE-2022-1087?
CVE-2022-1087 has a severity rating of medium with a value of 5.4.
How does CVE-2022-1087 impact htmly?
CVE-2022-1087 allows an attacker to manipulate the Title field with script tags, leading to persistent cross-site scripting in htmly 5.3.
Can CVE-2022-1087 be initiated remotely?
Yes, CVE-2022-1087 can be initiated remotely.
Is authentication required for exploiting CVE-2022-1087?
Yes, exploiting CVE-2022-1087 requires authentication.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/htmly
- canonical/htmly