verbb/comments is vulnerable to cross-site scripting (XSS). The vulnerability exists because user-provided input for the guest name (username) is not sanitized, allowing an attacker to inject and execute malicious scripts in a user’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
verbb/comments | le | 1.5.5 |