Valine.js: Security Vulnerabilities
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
CVSS Score
9.6
EPSS Score
0.249
Published
2022-09-19
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-05
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
CVSS Score
5.3
EPSS Score
0.007
Published
2021-06-16
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-11-15