Vulnerabilities (CVE)

Filtered by vendor Valine.js Subscribe
Filtered by product Valine
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-38545 1 Valine.js 1 Valine 2024-11-21 N/A 9.6 CRITICAL
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
CVE-2021-34801 1 Valine.js 1 Valine 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
CVE-2020-28847 1 Valine.js 1 Valine 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.
CVE-2018-19289 1 Valine.js 1 Valine 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.