adrienne

2 exploits Active since Jun 2020
CVE-2020-13868 WRITEUP MEDIUM WRITEUP
verbb Comments < 1.5.5 - Cross-Site Request Forgery
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.
CVSS 6.5
CVE-2020-13870 WRITEUP MEDIUM WRITEUP
verbb Comments < 1.5.5 - Stored Cross-Site Scripting via Asset Volume Name
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.
CVSS 5.4