VYPR
Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Feb 4, 2026

Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting

CVE-2020-37072

Description

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.