An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NVerbb Comments
APPVerbb< 1.5.5
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Powiązane podatności
CVE-2020-13868MEDIUM6.5ten sam produkt
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.
CVE-2020-13870MEDIUM5.4ten sam produkt
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset vo...
CVE-2020-13485CRITICAL9.1ten sam vendor
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP heade...
CVE-2020-13458HIGH8.8ten sam vendor
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the...
CVE-2025-32426MEDIUM4.6ten sam vendor
Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious c...