CVE-2020-37072

Published February 3rd, 2026

View on NVD ↗

CVSS v3

7.2

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.

VictorAlagwu/CMSsite

A Simple Content Management System-Coded Using Mostly Procedural Programming Style in PHP

GitHub