CVE-2025-56154 — MEDIUM (6.1)

Vulnerability Description

htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Htmly	Htmly	3.0.8

Related Weaknesses (CWE)

CWE-79

References

https://gist.github.com/akinerkisa/28e97fa132b1a98cff5d05a79b437901Third Party Advisory
https://github.com/danpros/htmly/releases/tag/v3.0.9#:~:text=Security%20fixes%20Release Notes
https://pastebin.com/dVityKmU

FAQ

What is CVE-2025-56154?

CVE-2025-56154 is a vulnerability with a CVSS score of 6.1 (MEDIUM). htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML resp...

How severe is CVE-2025-56154?

CVE-2025-56154 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-56154?

Check the references section above for vendor advisories and patch information. Affected products include: Htmly Htmly.