
CVE-2020-13868
https://notcve.org/view.php?id=CVE-2020-13868
05 Jun 2020 — An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity. • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-13869
https://notcve.org/view.php?id=CVE-2020-13869
05 Jun 2020 — An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-13870
https://notcve.org/view.php?id=CVE-2020-13870
05 Jun 2020 — An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-0773 – Mambo Component Comments 0.5.8.5g - SQL Injection
https://notcve.org/view.php?id=CVE-2008-0773
13 Feb 2008 — SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://www.exploit-db.com/exploits/5094 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')