CVE-2026-32774

MEDIUM

Vulnogram - Stored Cross-Site Scripting via Comment Hypertext

Title source: cna
STIX 2.1

Description

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.

References (4)

Scores

CVSS v3 6.4
EPSS 0.0001
EPSS Percentile 3.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (3)
npm/vulnogram 0npm
vulnogram/vulnogram 1.0.0 beta1
Vulnogram/Vulnogram 1.0.0
Published Mar 16, 2026
Tracked Since Mar 16, 2026