CVE-2026-32774

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/Vulnogram/Vulnogram	Product
https://github.com/Vulnogram/Vulnogram/security/advisories/GHSA-pg4p-2985-gvxr	Broken Link
https://www.vulncheck.com/advisories/vulnogram-stored-cross-site-scripting-via-comment-hypertext	Third Party Advisory
https://github.com/Vulnogram/Vulnogram/commit/2f0e21b113c58124084c7b74c9768fc241126a05	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:vulnogram:vulnogram:1.0.0:beta1:*:*:*:*:*:*

History

20 Mar 2026, 18:26

Type	Values Removed	Values Added
CPE		cpe:2.3:a:vulnogram:vulnogram:1.0.0:beta1::::::
First Time		Vulnogram Vulnogram vulnogram
References	~~() https://github.com/Vulnogram/Vulnogram -~~	() https://github.com/Vulnogram/Vulnogram - Product
References	~~() https://github.com/Vulnogram/Vulnogram/security/advisories/GHSA-pg4p-2985-gvxr -~~	() https://github.com/Vulnogram/Vulnogram/security/advisories/GHSA-pg4p-2985-gvxr - Broken Link
References	~~() https://www.vulncheck.com/advisories/vulnogram-stored-cross-site-scripting-via-comment-hypertext -~~	() https://www.vulncheck.com/advisories/vulnogram-stored-cross-site-scripting-via-comment-hypertext - Third Party Advisory
References	~~() https://github.com/Vulnogram/Vulnogram/commit/2f0e21b113c58124084c7b74c9768fc241126a05 -~~	() https://github.com/Vulnogram/Vulnogram/commit/2f0e21b113c58124084c7b74c9768fc241126a05 - Patch

19 Mar 2026, 18:16

Type	Values Removed	Values Added
Summary		(es) Vulnogram 1.0.0 contiene una vulnerabilidad de cross-site scripting almacenado en el manejo de hipertexto de comentarios que permite a los atacantes inyectar scripts maliciosos. Los atacantes remotos pueden inyectar cargas útiles de XSS a través de comentarios para ejecutar JavaScript arbitrario en los navegadores de las víctimas.
References		() https://github.com/Vulnogram/Vulnogram/commit/2f0e21b113c58124084c7b74c9768fc241126a05 -

16 Mar 2026, 14:19

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-16 14:19

Updated : 2026-03-20 18:26

NVD link : CVE-2026-32774

Mitre link : CVE-2026-32774

CVE.ORG link : CVE-2026-32774

JSON object : View

Products Affected

vulnogram

vulnogram

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.4 /10