xCss/Valine

xCss/Valine

Releases94

Frequency4 weeks 21 hours

Last Release over 1 year ago

Stars2.24K

A fast, simple & powerful comment system.

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-38545 ↗	Sep 19, 2022Monday, 19 September 2022, 23:15	9.6 CRITICAL	—
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
CVE-2020-28847 ↗	Apr 5, 2022Tuesday, 5 April 2022, 16:15	5.4 MEDIUM	3.5 LOW
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.
CVE-2021-34801 ↗	Jun 16, 2021Wednesday, 16 June 2021, 15:15	5.3 MEDIUM	5 MEDIUM
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
CVE-2018-19289 ↗	Nov 15, 2018Thursday, 15 November 2018, 06:29	6.1 MEDIUM	4.3 MEDIUM
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.