Lucene search
K

99 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-23000

Malware in sbrugna...

10CVSS9.2AI score0.02736EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.3 views

Apostrophe sanitize-html 安全漏洞

Apostrophe sanitize-html is a library from Apostrophe USA. It cleans up user-submitted HTML, keeping whitelisted elements and whitelisted attributes on a per-element basis. A security vulnerability exists in Apostrophe sanitize-html versions prior to 1.0.3 that stems from the naughtyHref function...

6.1CVSS5.8AI score0.00256EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/09/08 12:0 a.m.3 views

Apostrophe sanitize-html 安全漏洞

Apostrophe sanitize-html is a library from Apostrophe USA. It cleans up user-submitted HTML, keeping whitelisted elements and whitelisted attributes on a per-element basis. A security vulnerability exists in Apostrophe sanitize-html prior to version 2.0.0-beta, which stems from the sanitizeHtml...

6.1CVSS5.8AI score0.00251EPSS
Exploits1References5
OSV
OSV
added 2025/08/22 6:8 p.m.4 views

CLSA-2025-1755886078 tuned: Fix of CVE-2024-52337

CVE-2024-52337: sanitize API arguments to prevent log spoofing by both escaping ' characters and restricting newlines from being inserted...

5.5CVSS6.4AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:37 p.m.7 views

CVE-2021-25979

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

9.8CVSS6.7AI score0.01103EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:27 p.m.10 views

CVE-2021-25978

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...

5.4CVSS5.8AI score0.00483EPSS
Exploits0
CNNVD
CNNVD
added 2024/02/24 12:0 a.m.4 views

Apostrophe sanitize-html security vulnerability

Apostrophe sanitize-html is a library from Apostrophe USA. It cleans up user-submitted HTML, keeping whitelisted elements and whitelisted attributes on a per-element basis. A security vulnerability exists in Apostrophe sanitize-html versions prior to 2.12.1. An attacker exploited the vulnerabilit...

5.3CVSS7.6AI score0.01018EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.4 views

SUSE CVE-2008-2380

SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes...

5.1CVSS8.8AI score0.01816EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2023/01/05 12:0 a.m.100 views

CVE-2022-31631

In PHP versions 8.0. before 8.0.27, 8.1. before 8.1.15, 8.2. before 8.2.2 when using PDO::quote function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

9.1CVSS6.9AI score0.02154EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2022/06/25 12:0 a.m.5 views

@draadnl/openstad-cms (>=0.12.2 <=0.12.3), @ngodn/apostrophe (>=2.94.2 <=2.94.7) +38 more potentially affected by CVE-2022-21231 via deep-get-set (>=0.1.1 <=1.1.1)

deep-get-set NPM version =0.1.1, =0.12.2, =2.94.2, =1.3.0, =0.0.1, =0.5.235, =2.94.1, =0.5.0, =0.5.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =2.93.0, =2.93.2 and more Source cves: CVE-2022-21231 Source advisory: OSV:GHSA-MJJJ-6P43-VHHV...

9.8CVSS7.2AI score0.01313EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/11/10 5:2 p.m.32 views

Apostrophe CMS Insufficient Session Expiration vulnerability

Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions. As a mitigation for older releases the user account in question can be archived 3.x or moved to...

9.8CVSS4.7AI score0.01103EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/11/10 5:2 p.m.36 views

GHSA-9J9M-8WJC-FF96 Apostrophe CMS Insufficient Session Expiration vulnerability

Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions. As a mitigation for older releases the user account in question can be archived 3.x or moved to...

9.8CVSS9.4AI score0.01103EPSS
Exploits0References3
OSV
OSV
added 2021/11/10 4:45 p.m.12 views

GHSA-4R9C-JGHC-CX5M Cross-site Scripting in apostrophe

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...

5.4CVSS5.1AI score0.00483EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/11/10 4:45 p.m.34 views

Cross-site Scripting in apostrophe

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...

5.4CVSS2.3AI score0.00483EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2021/11/10 12:0 a.m.16 views

Apostrophe licensing issue vulnerability

Apostrophe is a full-featured open source Cms built with Node.js by Apostrophe, Inc. designed to empower organizations by combining contextual editing and headless architecture in a full-stack Js environment.Apostrophe CMS is vulnerable to an authorization issue in versions 2.63.0 through 3.3.1,...

9.8CVSS3.1AI score0.01103EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/09 12:0 a.m.53 views

Apostrophe CMS Cross-Site Scripting Vulnerability

Apostrophe CMS is a fully functional open source CMS built using Node.js, designed to enhance organization by combining contextual editing and headless architecture in a full-stack JS environment.Apostrophe CMS = cross-site scripting vulnerability, which originates in Apostrophe CMS versions...

5.4CVSS0.5AI score0.00483EPSS
Exploits0References1
NVD
NVD
added 2021/11/08 3:15 p.m.38 views

CVE-2021-25979

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

9.8CVSS0.01103EPSS
Exploits0References1
OSV
OSV
added 2021/11/08 3:15 p.m.14 views

CVE-2021-25979

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

9.8CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2021/11/08 3:15 p.m.23 views

Session fixation

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

7.5CVSS9.2AI score0.01103EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2021/11/08 2:20 p.m.5 views

CVE-2021-25979 Apostrophe - Insufficient Session Expiration

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

9.8CVSS6.7AI score0.01103EPSS
Exploits0References1
Rows per page
Query Builder