CVE-2026-38949

Published
View on NVD ↗
CVSS v3
8.9
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user input, allowing injection of arbitrary code

danpros/htmly
danpros/htmly
Simple and fast databaseless PHP blogging platform, and Flat-File CMS
GitHubGitHub
1.34K
Chittu13/cve-research
Chittu13/cve-research
GitHubGitHub