Soffm

#47091 of 53,624
5.4 Total CVSS
Vulnerabilities · 1
PT-2022-8907
5.4
2022-04-05
Unknown · Xcss Valine · CVE-2020-28847
**Name of the Vulnerable Software and Affected Versions**

xCss Valine version 1.4.14

**Description**

A Cross Site Scripting (XSS) issue exists in xCss Valine via the `nick` parameter to the "/classes/Comment" endpoint. This allows for potential malicious script execution. The estimated number of potentially affected devices and details about real-world incidents where this issue was exploited are not provided.

**Recommendations**

For xCss Valine version 1.4.14, update to version 1.4.15 to resolve the issue. As a temporary workaround, consider restricting access to the `/classes/Comment` endpoint or avoiding the use of the `nick` parameter until the update is applied.