Description

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.

PUBLISHED Reserved 2026-03-14 | Published 2026-03-14 | Updated 2026-03-19 | Assigner VulnCheck




MEDIUM: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)

MEDIUM: 6.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status: unaffected

1.0.0: affected

Credits

Scott Moore - VulnCheck finder

References

github.com/...ommit/2f0e21b113c58124084c7b74c9768fc241126a05

github.com/...nogram/security/advisories/GHSA-pg4p-2985-gvxr third-party-advisory

github.com/Vulnogram/Vulnogram product

www.vulncheck.com/...ss-site-scripting-via-comment-hypertext (VulnCheck Advisory: Vulnogram - Stored Cross-Site Scripting via Comment Hypertext) third-party-advisory

cve.org (CVE-2026-32774)

nvd.nist.gov (CVE-2026-32774)
