Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.
AnalysisAI
A cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts (CVSS 6.4) that allows attackers. Remediation should follow standard vulnerability management procedures. Vendor patch is available.
Technical ContextAI
CWE-79 (Cross-site Scripting). Affects comment hypertext handling that allows attackers to inject malicious scripts.
RemediationAI
Apply the vendor-supplied patch immediately.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12188
GHSA-vggc-6pg2-xvp9