EPSS Percentile: 22.7%
verbb/comments is vulnerable to cross-site scripting (XSS). The plugin does not sanitize the user-provided guest name (username) input, allowing an attacker to inject and execute malicious scripts in a user's browser.
github.com/verbb/comments/blob/craft-3/CHANGELOG.md#155---2020-05-28-critical
github.com/verbb/comments/blob/craft-3/CHANGELOG.md#156---2020-05-29-critical
github.com/verbb/comments/commit/248f8d525a0aa66408ca380cb3163754f8883104
github.com/verbb/comments/releases/tag/1.5.6