Unrated severityNVD Advisory· Published Oct 2, 2025· Updated Jan 20, 2026
CVE-2025-56154
CVE-2025-56154
Description
htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.