8 matches found

OSV
added 2026/02/24 4:3 p.m. | 6 views

GHSA-9FWW-8CPR-Q66R Isso affected by Stored XSS via comment website field

Impact: This is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, which left single and double quotes unescaped. Since the frontend inserts the website value directly into a single-quoted href...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00216
Exploits: 0 | References: 5
RedhatCVE
added 2026/02/23 1:31 p.m. | 6 views

CVE-2026-27469

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.00216
Exploits: 0 | References: 1
NVD
added 2026/02/21 8:16 a.m. | 8 views

CVE-2026-27469

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

CVSS: 6.1 | EPSS: 0.00216
Exploits: 0 | References: 3
Cvelist
added 2026/02/21 7:24 a.m. | 20 views

CVE-2026-27469 Isso: Stored XSS via comment website field

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

CVSS: 6.1 | EPSS: 0.00216
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/21 7:24 a.m. | 5 views

CVE-2026-27469

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author comment fields. The website field was HTML-escaped using quote=False, whi...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00216
Exploits: 0 | References: 4
CVE
added 2026/02/21 7:24 a.m. | 14 views

CVE-2026-27469

Isso is a lightweight Python/JavaScript commenting server affected by a stored XSS in commits prior to 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144. The vulnerability affects the website field and author comments because quotes were not properly escaped; the frontend inserts the website value into a ...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.00216
Exploits: 0 | References: 3
CNNVD
added 2026/02/21 12:0 a.m. | 6 views

Isso security vulnerability

Isso is an open-source comment server developed by Isso Comments. Isso has a security vulnerability that stems from insufficient sanitization and escaping of the website and author comment fields. This vulnerability may lead to stored cross-site scripting attacks...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00216
Exploits: 0 | References: 3
Positive Technologies
added 2026/02/21 12:0 a.m. | 7 views

PT-2026-21366

Name of the Vulnerable Software and Affected Versions: Isso versions prior to 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144. Description: Isso, a lightweight commenting server written in Python and JavaScript, contains a stored Cross-Site Scripting (XSS) issue. The website and author comment fields are...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00216
Exploits: 0 | References: 12