apostrophecms sanitize-html vulnerabilities and exploits
CVSSv2: 5
CVE-2021-26539
Apostrophe Technologies sanitize-html prior to 2.3.1 does not properly handle internationalized domain names (IDN), which could allow a malicious user to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
Apostrophecms Sanitize-html
CVSSv2: 5
CVE-2021-26540
Apostrophe Technologies sanitize-html prior to 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows malicious users to bypass hostname whitelist for iframe ele...
Apostrophecms Sanitize-html
NA
CVE-2022-25887
The package sanitize-html prior to 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
Apostrophecms Sanitize-html
CVSSv2: 4.3
CVE-2016-1000237
sanitize-html prior to 1.4.3 has XSS.
Apostrophecms Sanitize-html