CVE-2026-32774
Vulnogram - Stored Cross-Site Scripting via Comment Hypertext
CVSS Score
6.4
EPSS Score
0.0%
EPSS Percentile
0th
Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.
| CWE | CWE-79 |
| Vendor | vulnogram |
| Product | vulnogram |
| Published | Mar 14, 2026 |
| Last Updated | Mar 19, 2026 |
Stay Ahead of the Next One
Get instant alerts for vulnogram vulnogram
Be the first to know when new medium vulnerabilities affecting vulnogram vulnogram are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Vulnogram / Vulnogram
1.0.0
References
github.com: https://github.com/Vulnogram/Vulnogram/security/advisories/GHSA-pg4p-2985-gvxr github.com: https://github.com/Vulnogram/Vulnogram vulncheck.com: https://www.vulncheck.com/advisories/vulnogram-stored-cross-site-scripting-via-comment-hypertext github.com: https://github.com/Vulnogram/Vulnogram/commit/2f0e21b113c58124084c7b74c9768fc241126a05
Credits
Scott Moore - VulnCheck