Apostrophe Technologies sanitize-html prior to 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an malicious user to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apostrophecms sanitize-html |