CVE-2025-10758 | htmly up to 3.1.0 Custom Field /htmly/admin/field/post label cross site scripting

A vulnerability was found in htmly up to 3.1.0 and classified as problematic. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulation of the argument label leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2025-10758. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More