Lucene search
China National Vulnerability DatabaseCNVD-2021-100613HistoryNov 09, 2021 - 12:00 a.m.
Apostrophe CMS Cross-Site Scripting Vulnerability
2021-11-0900:00:00
China National Vulnerability Database
www.cnvd.org.cn
24
0.001 Low
EPSS
Percentile
22.7%
Apostrophe CMS is a fully functional open source CMS built using Node.js, designed to enhance organization by combining contextual editing and headless architecture in a full-stack JS environment.Apostrophe CMS = cross-site scripting vulnerability, which originates in Apostrophe CMS versions between 2.63.0 and 3.3.1 is vulnerable to a stored XSS attack. An attacker could exploit this vulnerability to upload SVG files containing malicious JavaScript to the Images module, which, once viewed, would trigger XSS.
| CPE | Name | Operator | Version |
|---|---|---|---|
| Apostrophe CMS Apostrophe CMS >=2.63.0, | le | 3.3.1 |
Related
prion
prion
Cross site scripting
2021-11-07 18:15:00
osv
osv
Cross-site Scripting in apostrophe
2021-11-10 16:45:34
CVE-2021-25978
2021-11-07 18:15:07
nvd
nvd
CVE-2021-25978
2021-11-07 18:15:07
cvelist
cvelist
CVE-2021-25978 Apostrophe - XSS
2021-11-07 17:15:10
veracode
veracode
Cross-site Scripting (XSS)
2021-11-08 04:40:40
cve
cve
CVE-2021-25978
2021-11-07 18:15:07
github
github
Cross-site Scripting in apostrophe
2021-11-10 16:45:34