Vulnogram contains a stored cross-site scripting vulnerability in comment hypertext handling

Severity:: Medium

Description

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims’ browsers.

Recommendation

No fix is available yet. Followings are affected versions:

<= 1.0.0

References

GHSA-vggc-6pg2-xvp9
www.vulncheck.com
CVE-2026-32774
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

html2pdf.js contains a cross-site scripting vulnerability - CVE-2026-22787
DOMPurify contains a Cross-site Scripting vulnerability - CVE-2026-0540
Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint - CVE-2025-65019
beautiful-mermaid contains an SVG attribute injection issue that can lead to cross-site scripting (XSS) - CVE-2026-26226

Tags:: npm; vulnogram

Anything's wrong? Let us know Last updated on March 20, 2026