RSS   Vulnerabilities for 'Valine'   RSS

2022-04-05
 
CVE-2020-28847

CWE-79
 
 
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.

 
2021-06-16
 
CVE-2021-34801

CWE-94
 
 
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.

 
2018-11-15
 
CVE-2018-19289

CWE-74
 
 
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.

 

Copyright 2024, cxsecurity.com

 

Back to Top