CVE-2020-13868
CVE-2020-13868 affects the Craft CMS Comments plugin prior to version 1.5.5: a CSRF flaw that can compromise the integrity of comments. The connected sources confirm the vulnerability and link to a changelog entry noting the fixed version (1.5.5, dated 2020-05-28). No exploitation ...
CVE-2020-13869
CVE-2020-13869 affects the Craft CMS Comments plugin prior to version 1.5.6. It enables stored XSS via the guest name field, due to insufficient input sanitization (as corroborated by multiple sources). Impact: an attacker-supplied guest name can inject scripts that run in a user’s browser....
CVE-2020-13870
CVE-2020-13870 affects the Craft CMS Comments plugin prior to 1.5.5, with a stored XSS flaw via an asset volume name. Root cause: lack of input validation leading to stored XSS. Impact depends on the affected Craft CMS deployments; remediation is to upgrade the Comments plugin to 1.5.5 or later....