3 results (0.002 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity. Se detectó un problema en el plugin Comments versiones anteriores a 1.5.5 para Craft CMS. Una vulnerabilidad de tipo CSRF afecta la integridad de los comentarios • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. Se detectó un problema en el plugin Comments versiones anteriores a 1.5.6 para Craft CMS. Se presenta una vulnerabilidad de tipo XSS almacenado por medio de un nombre de invitado • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. Se detectó un problema en el plugin Comments versiones anteriores a 1.5.5 para Craft CMS. Se presenta una vulnerabilidad de tipo XSS almacenado por medio de un nombre de volumen de activo • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •