📦

comments

Vendor: phil_taylor

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 0.14% Exploit Prob.

Latest CVE CVE-2020-13870 Jun 05

Security Vulnerability Index

Page 1 / 1

5.4 CVSS

CVE-2020-13870

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.

EPSS: 0.21%

Severity: MEDIUM

Jun 05, 2020

5.4 CVSS

CVE-2020-13869

An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.

EPSS: 0.21%

Severity: MEDIUM

Jun 05, 2020

6.5 CVSS

CVE-2020-13868

An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.

EPSS: 0.12%

Severity: MEDIUM

Jun 05, 2020

7.5 CVSS

CVE-2008-0773

Exploit Found

SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

EPSS: 0.02%

Severity: HIGH

Feb 14, 2008

Displaying 4 of 1 Total Entries

Total 1 Sections