CVE-2026-32774 — Vulnogram contains a stored cross-site scripting vulnerability in comment hypert

Description

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers.

How to fix CVE-2026-32774

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

—no fix listed

Is CVE-2026-32774 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 1.0.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
osv	CVSS 3.1	MEDIUM6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-32774
PATCHgithub.com/Vulnogram/Vulnogram
WEBgithub.com/Vulnogram/Vulnogram/commit/2f0e21b113c58124084c7b74c9768fc241126a05
WEBgithub.com/Vulnogram/Vulnogram/security/advisories/GHSA-pg4p-2985-gvxr