CVE-2026-32774 MEDIUM

CVE-2026-32774: Vulnogram - Stored Cross-Site Scripting via Comment Hypertext

Vendor Vulnogram

Product Vulnogram

Weakness CWE-79 · XSS

Published March 14, 2026

Last update March 19, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.

Key dates

02Disclosure timeline

March 14, 2026 CVE published

March 19, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-32774

Related vulnerabilities

04Related CVE

CVE-2025-5757 code-projects Traffic Offense Reporting System save-reported.php cross site scripting CVE-2025-30623 WordPress wA11y – The Web Accessibility Toolbox plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability CVE-2023-6774 CodeAstro POS and Inventory Management System register_account cross site scripting CVE-2024-38036 BUG-000154827 - Reflected XSS in ArcGIS Experience Builder CVE-2025-8550 atjiu pybbs list cross site scripting