Valine Security Vulnerabilities and Issues — Valine CVE List

Lucene search

Valine.jsValine

4 matches found

CVE•added 2022/09/19 11:15 p.m.•51 views

CVE-2022-38545

Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.

9.6CVSS9.7AI score0.25024EPSS

CVE•added 2018/11/15 6:29 a.m.•42 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.

6.1CVSS6.2AI score0.00427EPSS

CVE•added 2021/06/16 3:15 p.m.•40 views

CVE-2021-34801

Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.

5.3CVSS5.3AI score0.01046EPSS

CVE•added 2022/04/05 4:15 p.m.•39 views

CVE-2020-28847

Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.

5.4CVSS5.2AI score0.00181EPSS