CVE-2018-19289

Published November 15th, 2018

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.

xCss/Valine

A fast, simple & powerful comment system.

GitHub

2.24K