Vulnogram contains a stored cross-site scripting vulnerability in comment hypertext handling

Description

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims’ browsers.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.0.0

References

• GHSA-vggc-6pg2-xvp9
• www.vulncheck.com
• CVE-2026-32774
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• DOMPurify contains a Cross-site Scripting vulnerability - CVE-2026-0540
• html2pdf.js contains a cross-site scripting vulnerability - CVE-2026-22787
• DOMPurify contains a Cross-site Scripting vulnerability - dompurify - CVE-2025-15599
• Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint - CVE-2025-65019

You might also like:

How do hackers hack websites?

CSRF, XXE, and 12 Other Security Acronyms Explained

Exploiting Server Version Disclosure

Tags:

npm

vulnogram