Security Advisory

CVE-2020-37072

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-03 22:01:40

Last updated 2026-02-04 19:04:22

Assigner VulnCheck

State PUBLISHED

Description

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the comment_author POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.

← Browse all CVEs View on cve.org ↗