CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13868
https://notcve.org/view.php?id=CVE-2020-13868
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity. Se detectó un problema en el plugin Comments versiones anteriores a 1.5.5 para Craft CMS. Una vulnerabilidad de tipo CSRF afecta la integridad de los comentarios • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13869
https://notcve.org/view.php?id=CVE-2020-13869
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. Se detectó un problema en el plugin Comments versiones anteriores a 1.5.6 para Craft CMS. Se presenta una vulnerabilidad de tipo XSS almacenado por medio de un nombre de invitado • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13870
https://notcve.org/view.php?id=CVE-2020-13870
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. Se detectó un problema en el plugin Comments versiones anteriores a 1.5.5 para Craft CMS. Se presenta una vulnerabilidad de tipo XSS almacenado por medio de un nombre de volumen de activo • https://github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •