Vulnerabilities > Valine JS

DATE CVE VULNERABILITY TITLE RISK
2022-09-19 CVE-2022-38545 Cross-site Scripting vulnerability in Valine.Js Valine 1.4.18
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
network
low complexity
valine-js CWE-79
critical
9.6
2022-04-05 CVE-2020-28847 Cross-site Scripting vulnerability in Valine.Js Valine 1.4.14
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.
network
low complexity
valine-js CWE-79
5.4
2021-06-16 CVE-2021-34801 Unspecified vulnerability in Valine.Js Valine 1.4.14
Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only specifies the product and version.
network
low complexity
valine-js
5.3
2018-11-15 CVE-2018-19289 Cross-site Scripting vulnerability in Valine.Js Valine 1.3.3
An issue was discovered in Valine v1.3.3.
network
low complexity
valine-js CWE-79
6.1