CVE-2026-32774
Awaiting Analysis Awaiting Analysis - Queue
Stored XSS in Vulnogram 1.0.0 Comments Enables Remote Script Execution

Publication date: 2026-03-16

Last updated on: 2026-03-20

Assigner: VulnCheck

Description
Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-03-20
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32774
EUVD
EUVD-2026-12188
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
vulnogram vulnogram 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-32774 is a stored cross-site scripting (XSS) vulnerability found in Vulnogram version 1.0.0. It occurs due to improper neutralization of input in the handling of comment hypertext, allowing remote attackers to inject malicious JavaScript payloads through comments.'}, {'type': 'paragraph', 'content': "These injected scripts are stored and later executed in the browsers of users who view the affected comments, enabling attackers to run arbitrary JavaScript code in victims' browsers."}] [2]

Impact Analysis

This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript in your browser when viewing maliciously crafted comments. This can lead to unauthorized actions such as session hijacking, theft of sensitive information, or manipulation of the web page content.

Since the vulnerability is stored XSS, the malicious payload persists and affects all users who access the compromised comments.

The CVSS v4 base score of 5.1 indicates a medium severity, with a network attack vector and low attack complexity, meaning it can be exploited remotely with limited effort but requires some user interaction.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The vulnerability is a stored cross-site scripting (XSS) issue in Vulnogram 1.0.0 caused by improper neutralization of input in comment hypertext handling.

Immediate mitigation steps include:

  • Avoid using or exposing vulnerable versions of Vulnogram (version 1.0.0 and earlier) until a patch or update is available.
  • Restrict user input in comment fields to prevent injection of malicious scripts.
  • Implement input validation and output encoding to neutralize potentially malicious content in comments.
  • Secure the Vulnogram deployment by enabling HTTPS and restricting access to trusted users only.
  • Monitor and audit comments for suspicious scripts or payloads that could exploit the vulnerability.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32774. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart