Lucene search

CVE-2021-26540

🗓️ 08 Feb 2021 17:13:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 67 Views

Apostrophe Technologies sanitize-html before 2.3.2 allows bypass of hostname whitelist for iframe with "allowIframeRelativeUrls" set to true

Reporter	Title	Published	Views	Family All 12
Veracode	Privilege Escalation	9 Feb 202102:21	–	veracode
RedhatCVE	CVE-2021-26540	24 Feb 202114:04	–	redhatcve
Prion	Design/Logic Flaw	8 Feb 202117:15	–	prion
Cvelist	CVE-2021-26540	8 Feb 202116:16	–	cvelist
Node.js	Improper Input Validation	6 May 202116:14	–	nodejs
OSV	CVE-2021-26540	8 Feb 202117:15	–	osv
OSV	Improper Input Validation in sanitize-html	6 May 202116:10	–	osv
NVD	CVE-2021-26540	8 Feb 202117:15	–	nvd
Debian CVE	CVE-2021-26540	8 Feb 202117:15	–	debiancve
Github Security Blog	Improper Input Validation in sanitize-html	6 May 202116:10	–	github

Nvd

Node

apostrophecms sanitize-htmlRange<2.3.2node.js

Source	Link
github	www.github.com/apostrophecms/sanitize-html/pull/460
advisory	www.advisory.checkmarx.net/advisory/CX-2021-4309
github	www.github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 Feb 2021 17:15Current

5.1Medium risk

Vulners AI Score5.1

CVSS25

CVSS35.3

EPSS0.00191