CVE-2026-32774
Stored XSS in Vulnogram 1.0.0 Comments Enables Remote Script Execution
Publication date: 2026-03-16
Last updated on: 2026-03-20
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vulnogram | vulnogram | 1.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32774 is a stored cross-site scripting (XSS) vulnerability found in Vulnogram version 1.0.0. It occurs due to improper neutralization of input in the handling of comment hypertext, allowing remote attackers to inject malicious JavaScript payloads through comments.
These injected scripts are stored and later executed in the browsers of users who view the affected comments, enabling attackers to run arbitrary JavaScript code in victims' browsers. [2]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript in your browser when viewing maliciously crafted comments. This can lead to unauthorized actions such as session hijacking, theft of sensitive information, or manipulation of the web page content.
Since the vulnerability is stored XSS, the malicious payload persists and affects all users who access the compromised comments.
The CVSS v4 base score of 5.1 indicates a medium severity, with a network attack vector and low attack complexity, meaning it can be exploited remotely with limited effort but requires some user interaction.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is a stored cross-site scripting (XSS) issue in Vulnogram 1.0.0 caused by improper neutralization of input in comment hypertext handling.
Immediate mitigation steps include:
- Avoid using or exposing vulnerable versions of Vulnogram (version 1.0.0 and earlier) until a patch or update is available.
- Restrict user input in comment fields to prevent injection of malicious scripts.
- Implement input validation and output encoding to neutralize potentially malicious content in comments.
- Secure the Vulnogram deployment by enabling HTTPS and restricting access to trusted users only.
- Monitor and audit comments for suspicious scripts or payloads that could exploit the vulnerability.
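As an added illustration of the output-encoding step above (example code, not Vulnogram's own), the following JavaScript places the unsafe string-interpolation pattern behind CWE-79 beside a hardened comment renderer that HTML-escapes all text and turns only well-formed http(s) URLs into links. The function names, and the assumption that a comment is plain text that may contain URLs, are mine.

```javascript
// Added example, not Vulnogram's code. Assumption: a comment is plain text
// in which URLs should become links; everything else renders literally.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of a text or attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Accept only absolute http/https URLs as link targets; javascript:, data:
// and malformed values are rejected and fall back to being rendered as text.
function isSafeUrl(u) {
  try {
    const parsed = new URL(u);
    return parsed.protocol === 'http:' || parsed.protocol === 'https:';
  } catch {
    return false;
  }
}

// The CWE-79 pattern: raw comment text interpolated straight into markup.
function renderCommentUnsafe(text) {
  return `<p class="comment">${text}</p>`;
}

// Hardened renderer: escape every fragment, then linkify only vetted URLs.
// The capturing group makes every odd-index part a candidate URL.
function renderComment(text) {
  const parts = String(text).split(/(https?:\/\/[^\s<>"']+)/g);
  const html = parts.map((part, i) => {
    if (i % 2 === 1 && isSafeUrl(part)) {
      const href = escapeHtml(part); // escaped in both attribute and text position
      return `<a href="${href}" rel="noopener noreferrer">${href}</a>`;
    }
    return escapeHtml(part);
  }).join('');
  return `<p class="comment">${html}</p>`;
}

// Constructed sample: a comment carrying a script tag and a legitimate link.
const SAMPLE_COMMENT = 'see http://example.com/x <script>alert(1)</script>';
console.log(renderCommentUnsafe(SAMPLE_COMMENT));
console.log(renderComment(SAMPLE_COMMENT));
```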