2026-02-03 22:01:40
VulnCheck
PUBLISHED
Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the comment_author POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers.