Vulmon
apostrophecms sanitize-html vulnerabilities and exploits
6.1
CVSSv3
CVE-2016-1000237
sanitize-html prior to 1.4.3 has XSS.
Apostrophecms Sanitize-html
7.5
CVSSv3
CVE-2022-25887
The package sanitize-html prior to 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
Apostrophecms Sanitize-html
5.3
CVSSv3
CVE-2021-26539
Apostrophe Technologies sanitize-html prior to 2.3.1 does not properly handle internationalized domain names (IDN), which could allow a malicious user to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
Apostrophecms Sanitize-html
5.3
CVSSv3
CVE-2021-26540
Apostrophe Technologies sanitize-html prior to 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows malicious users to bypass hostname whitelist for iframe ele...
Apostrophecms Sanitize-html