CNNVD-202509-3214 Information

CNNVD ID

CNNVD-202509-3214

Related CVE

CVE-2025-10758

• CNNVD Published: 2025-09-21

Description (Chinese)

HTMLy是HTMLy开源的一套基于PHP的博客平台。 htmly 3.1.0及之前版本存在代码注入漏洞，该漏洞源于对文件/htmly/admin/field/post中参数label的错误操作，可能导致跨站脚本攻击。

Description (English)

HTML is an open-source set of PHP-based blogs. htmly 3.1.0 and previous versions contain code-injecting holes, which stem from the wrong operation of Label, the parameter in the file/htmly/admin/field/post, which may result in a cross-station script attack.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

Huachu Digital

Published

2025-09-21

Last Modified

2026-02-24

References

https://vuldb.com/?ctiid.325113 https://vuldb.com/?id.325113 https://vuldb.com/?submit.645806 https://www.notion.so/inmog/Reported-Vulnerability-XSS-Vulnerability-in-htmly-v3-1-0-2627752d1edd804fbd71f310bde44d11 https://access.redhat.com/security/cve/cve-2025-10758