Akıner Kısa akinerkisa

akinerkisa / CVE-2025-56154.txt
Created October 2, 2025 08:56
CVE-2025-56154
Title: CVE-2025-56154 — Reflected XSS in /author/:name (htmly v3.0.8)
CVE ID: CVE-2025-56154
Summary:
htmly v3.0.8 contains a reflected cross-site scripting (XSS) vulnerability in the /author/:name endpoint. The `name` parameter is not properly sanitized before being reflected into the HTML response, allowing an attacker to inject arbitrary JavaScript payloads in a crafted URL. If a user visits such a URL, the injected script may execute in the victim's browser context, potentially leading to information disclosure, session hijacking, or actions performed on behalf of the user.
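The reflection pattern described in the summary, next to a hardened form, as an added example. This is not htmly source code: the function names, the markup and the slug policy are assumptions made for illustration.

```php
<?php
// Added illustration; not htmly source code. Function names and markup are hypothetical.
declare(strict_types=1);

// Vulnerable pattern: the path segment is placed into the HTML response as-is.
function render_author_unsafe(string $name): string
{
    return '<h1>Posts by ' . $name . '</h1>';
}

// Hardened pattern: validate the value first, then encode it for the HTML context on output.
function render_author_safe(string $name): ?string
{
    // Assumed policy: author slugs are short and limited to letters, digits, "_" and "-".
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null; // caller responds with 404 and reflects nothing
    }
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>Posts by ' . $encoded . '</h1>';
}

// Encoding alone, for pages that must echo arbitrary text (e.g. a "not found" message).
function render_not_found(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>No author named "' . $encoded . '"</p>';
}

// Constructed inputs: a normal slug and a harmless marker containing HTML metacharacters.
$samples = ['admin', rawurldecode('%22%3E%3Cb%3Emarker%3C%2Fb%3E')];
foreach ($samples as $name) {
    printf("input:     %s\n", $name);
    printf("unsafe:    %s\n", render_author_unsafe($name));
    printf("safe:      %s\n", render_author_safe($name) ?? '(404, nothing reflected)');
    printf("not found: %s\n\n", render_not_found($name));
}
```

For the second sample, the unsafe renderer returns the marker as live markup, while the safe paths either reject it or return it with `"`, `<` and `>` encoded as entities.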
Affected product / versions:
- Vendor: danpros
- Project / Repo: https://github.com/danpros/htmly