umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF)...
7.5CVSS
7.6AI Score
0.001EPSS
remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and...
6.1CVSS
5.9AI Score
0.001EPSS