VYPR
Unrated severityNVD Advisory· Published Oct 2, 2025· Updated Jan 20, 2026

CVE-2025-56154

CVE-2025-56154

Description

htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Danpros/Htmlycpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = 3.0.8

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.