Primary

Context

Victor CMS Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Victor CMS version 1.0. The issue resides in the 'comment_author' POST parameter, allowing attackers to inject malicious JavaScript that is executed in the context of the victim's browser. This vulnerability can be exploited by submitting crafted comments through the comment submission form.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of users who view the affected comments.

Reproduction

To reproduce this vulnerability, send a POST request to 'post.php' with the 'comment_author' parameter containing a script tag, such as '<script>alert(1)</script>'. Include a valid session cookie to simulate an authenticated user. Once the comment is submitted, the injected script will execute when the comment is viewed.

Added: Feb 3, 2026, 10:49 PM

Updated: Feb 3, 2026, 10:49 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.7

exploitability

7.9

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

1.7

exploitability

7.9

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Victor CMS Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

Victor CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating