Every CVE whose affected-product data names Valine.js Valine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2022-38545 — CVSS 9.6 (critical): Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a…
CVE-2018-19289 — CVSS 6.1 (medium): An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in…
CVE-2020-28847 — CVSS 5.4 (medium): Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.
CVE-2021-34801 — CVSS 5.3 (medium): Valine 1.4.14 allows remote attackers to cause a denial of service (application outage) by supplying a ua (aka User-Agent) value that only…