Cross-site Scripting
An issue was discovered in the Comments plug for Craft CMS. There is stored XSS via an asset volume name.
Advisories for Composer/Verbb/Comments package
2020
Cross-site Scripting
An issue was discovered in the Comments plugin for Craft CMS. It suffers from a persistent Cross-site Scripting flaw by allowing malicious users to inject javascript into the guest name.
Cross-Site Request Forgery (CSRF)
A Cross-Site Request Forgery issue was discovered in the Comments plugin for Craft CMS. The CSRF issue can affect the integrity of comments.