Packagist (Composer) package
verbb/comments
pkg:composer/verbb/comments
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-13868 | — | < 1.5.5 | 1.5.5 | Jun 5, 2020 | An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity. | ||
| CVE-2020-13869 | — | < 1.5.5 | 1.5.5 | Jun 5, 2020 | An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name. | ||
| CVE-2020-13870 | — | < 1.5.5 | 1.5.5 | Jun 5, 2020 | An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name. |
- CVE-2020-13868Jun 5, 2020affected < 1.5.5fixed 1.5.5
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.
- CVE-2020-13869Jun 5, 2020affected < 1.5.5fixed 1.5.5
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.
- CVE-2020-13870Jun 5, 2020affected < 1.5.5fixed 1.5.5
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.