CVE-2020-37072

Medium CVSS: 5.1

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.

Vendor

Victor Cms Project

Product

Victor Cms

CWE

CWE-79

Yayın Tarihi

2026-02-03 22:16:22

Güncelleme

2026-02-10 14:52:43

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Victor Cms MEDIUM Victor Cms Project 2026

Referanslar

https://github.com/VictorAlagwu/CMSsite https://www.exploit-db.com/exploits/48484 https://www.vulncheck.com/advisories/victor-cms-commentauthor-persistent-cross-site-scripting

Benzer Kayıtlar

High

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote att…

High

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with a…

High

CVE-2020-36942

Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files throug…