Vulmon
apostrophecms vulnerabilities and exploits
5.4
CVSSv3
CVE-2021-25978
Apostrophe CMS versions between 2.63.0 and 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed.
Apostrophecms Apostrophecms
9.8
CVSSv3
CVE-2021-25979
Apostrophe CMS versions before 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases t...
Apostrophecms Apostrophecms
5.3
CVSSv3
CVE-2021-26539
Apostrophe Technologies sanitize-html prior to 2.3.1 does not properly handle internationalized domain names (IDN), which could allow a malicious user to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
Apostrophecms Sanitize-html
5.3
CVSSv3
CVE-2021-26540
Apostrophe Technologies sanitize-html prior to 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows malicious users to bypass hostname whitelist for iframe ele...
Apostrophecms Sanitize-html
7.5
CVSSv3
CVE-2022-25887
The package sanitize-html prior to 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
Apostrophecms Sanitize-html
6.1
CVSSv3
CVE-2016-1000237
sanitize-html prior to 1.4.3 has XSS.
Apostrophecms Sanitize-html