Remark42: >> Remark42 >> 1.6.0 Security Vulnerabilities
umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-10-23
remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-03-27