CVE-2019-8349

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-8349

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8349.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-8349

Published

2019-05-08T14:29:00.420Z

Modified

2025-11-14T10:02:39.867947Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature.

References

Affected packages

Git / github.com/danpros/htmly

Affected ranges

Type: GIT
Repo: https://github.com/danpros/htmly
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

ef62b9e4609254aabb07a28f318ede2d0221e8c5

Affected versions

v1.*

v1.0

v1.1

v1.5

v1.6

v1.7

v1.8

v1.9

v2.*

v2.0

v2.1

v2.2

v2.3

v2.4

v2.4.1

v2.5

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6.0

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7.0

v2.7.1

v2.7.2

v2.7.3

v2.7.4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8349.json"