VYPR
Vendor

Commenthol

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2017-15871HigOct 24, 2017
    risk 0.49cvss 7.5epss 0.01

    The deserialize function in serialize-to-js through 1.1.1 allows attackers to cause a denial of service via vectors involving an Immediately Invoked Function Expression "function()" substring, as demonstrated by a "function(){console.log(" call or a simple infinite loop. NOTE:…

  • CVE-2026-46492HigJun 9, 2026
    risk 0.40cvss 7.2epss 0.00

    md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including…

  • CVE-2019-16772Dec 6, 2019
    risk 0.00cvss epss 0.01

    The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation…