Valine.Js Valine vulnerabilities
4 known vulnerabilities affecting valine.js/valine.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-38545P3CRITICALCVSS 9.6v1.4.182022-09-19
CVE-2022-38545 [CRITICAL] CWE-79 CVE-2022-38545: Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows at
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
ghsanvdosv
CVE-2018-19289P4MEDIUMCVSS 6.1v1.3.32018-11-15
CVE-2018-19289 [MEDIUM] CWE-79 CVE-2018-19289: An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaS
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.
ghsanvdosv
CVE-2021-34801P4MEDIUMCVSS 5.3v1.4.142021-06-16
CVE-2021-34801 [MEDIUM] CVE-2021-34801: Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
ghsanvdosv
CVE-2020-28847P4MEDIUMCVSS 5.4v1.4.142022-04-05
CVE-2020-28847 [MEDIUM] CWE-79 CVE-2020-28847: Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/C
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.
ghsanvdosv