Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Feb 4, 2026
Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting
CVE-2020-37072
Description
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: = 1.0
- Range: 1.0
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/48484mitreexploit
- www.vulncheck.com/advisories/victor-cms-commentauthor-persistent-cross-site-scriptingmitrethird-party-advisory
News mentions
0No linked articles in our index yet.