Vulmon
apostrophecms apostrophecms vulnerabilities and exploits
5.4
CVSSv3
CVE-2021-25978
Apostrophe CMS versions between 2.63.0 and 3.3.1 are vulnerable to Stored XSS, where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed.
Apostrophecms Apostrophecms
9.8
CVSSv3
CVE-2021-25979
Apostrophe CMS versions before 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases t...
Apostrophecms Apostrophecms
6.1
CVSSv3
CVE-2016-1000237
sanitize-html prior to 1.4.3 has XSS.
Apostrophecms Sanitize-html
7.5
CVSSv3
CVE-2022-25887
The package sanitize-html prior to 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
Apostrophecms Sanitize-html
5.3
CVSSv3
CVE-2021-26539
Apostrophe Technologies sanitize-html prior to 2.3.1 does not properly handle internationalized domain names (IDN), which could allow a malicious user to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
Apostrophecms Sanitize-html
5.3
CVSSv3
CVE-2021-26540
Apostrophe Technologies sanitize-html prior to 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows malicious users to bypass hostname whitelist for iframe ele...
Apostrophecms Sanitize-html