0.001 Low
EPSS
Percentile
22.9%
valine is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the nick parameters via /classes/Comments allowing an attacker to inject and store maliciously crafted script.
github.com/xCss/Valine/commit/b307a265ee7fae9cfbe903c9a42c7263f4ebd513
github.com/xCss/Valine/issues/348