CVE-2018-19289

2018-11-1506:29:00

Google

osv.dev

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

37.2%

JSON

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.

References

github.com/xCss/Valine/issues/127