HTMLy 2.8.0 allows stored XSS via the blog Title, Tagline, or Description values sent to config.html.php.

By admin