2 matches found
CVE-2020-13869
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name...
CVE-2020-13869
The CVE-2020-13869 issue affects the Craft CMS Comments plugin prior to version 1.5.6. It enables stored XSS via the guest name field, due to insufficient input sanitization (as corroborated by multiple sources). Impact: attacker-supplied guest name can inject scripts and run in a user’s browser....