apostrophecms vulnerabilities and exploits
312
VMScore
CVE-2021-25978
Apostrophe CMS versions between 2.63.0 and 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed.
Apostrophecms Apostrophecms
668
VMScore
CVE-2021-25979
Apostrophe CMS versions before 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases t...
Apostrophecms Apostrophecms
383
VMScore
CVE-2016-1000237
sanitize-html prior to 1.4.3 has XSS.
Apostrophecms Sanitize-html
NA
CVE-2022-25887
The package sanitize-html prior to 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
Apostrophecms Sanitize-html
445
VMScore
CVE-2021-26539
Apostrophe Technologies sanitize-html prior to 2.3.1 does not properly handle internationalized domain names (IDN), which could allow a malicious user to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
Apostrophecms Sanitize-html
445
VMScore
CVE-2021-26540
Apostrophe Technologies sanitize-html prior to 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows malicious users to bypass hostname whitelist for iframe ele...
Apostrophecms Sanitize-html