CVE-2020-28847

Name of the Vulnerable Software and Affected Versions xCss Valine version 1.4.14

Description A Cross Site Scripting (XSS) issue exists in xCss Valine via the nick parameter to the "/classes/Comment" endpoint. This allows for potential malicious script execution. The estimated number of potentially affected devices and details about real-world incidents where this issue was exploited are not provided.

Recommendations For xCss Valine version 1.4.14, update to version 1.4.15 to resolve the issue. As a temporary workaround, consider restricting access to the /classes/Comment endpoint or avoiding the use of the nick parameter until the update is applied.