CNNVD-202510-294 Information

CNNVD ID

CNNVD-202510-294

Related CVE

CVE-2025-56154

• CNNVD Published: 2025-10-02

Description (Chinese)

HTMLy是HTMLy开源的一套基于PHP的博客平台。 HTMLy 3.0.8版本存在安全漏洞，该漏洞源于name参数清理不当，可能导致跨站脚本攻击。

Description (English)

HTML is an open-source set of PHP-based blogs. There is a security gap in HTML version 3.0.8, which stems from the inappropriate clean-up of name parameters, which may result in a cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

HTMLy

Published

2025-10-02

Last Modified

2026-02-24

References

https://github.com/danpros/htmly/releases/tag/v3.0.9#:~:text=Security%20fixes%20found%20in%20version%203.0.8 https://gist.github.com/akinerkisa/28e97fa132b1a98cff5d05a79b437901 https://access.redhat.com/security/cve/cve-2025-56154

Patch

https://github.com/danpros/htmly/releases