CVE-2026-32774 | HackTesting

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.

Credits

Scott Moore - VulnCheck

References

https://github.com/Vulnogram/Vulnogram/security/advisories/GHSA-pg4p-2985-gvxr

https://github.com/Vulnogram/Vulnogram

https://www.vulncheck.com/advisories/vulnogram-stored-cross-site-scripting-via-comment-hypertext