Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Valine
(Valine\.js)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-16 | CVE-2021-34801 | Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version. | Valine | 5.3 | ||
| 2022-04-05 | CVE-2020-28847 | Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment. | Valine | 5.4 | ||
| 2022-09-19 | CVE-2022-38545 | Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request. | Valine | 9.6 | ||
| 2018-11-15 | CVE-2018-19289 | An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file. | Valine | N/A |