99 matches found
CVE-2021-25979 Apostrophe - Insufficient Session Expiration
Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...
CVE-2021-25979
Apostrophe CMS vulnerability CVE-2021-25979 affects versions 2.63.0 through 3.3.1, where the system does not invalidate existing login sessions when disabling a user or changing a password. This can allow a compromised device to maintain access after actions intended to lock out the user. The roo...
PT-2021-16903 · Unknown · Apostrophe Cms
Name of the Vulnerable Software and Affected Versions: Apostrophe CMS versions prior to 3.3.1 Description: The issue allows unauthenticated remote attackers to hijack recently logged-in users' sessions due to insufficient session expiration. This can occur when a device is compromised by a third...
Apostrophe 代码问题漏洞
Apostrophe is a full-featured open source Cms built with Node.js by Apostrophe, Inc. designed to empower organizations by combining contextual editing and headless architecture in a full-stack Js environment.Apostrophe CMS is vulnerable to an authorization issue in versions 2.63.0 through 3.3.1,...
CVE-2021-25978
Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...
CVE-2021-25978
Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...
Cross site scripting
Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...
CVE-2021-25978
CVE-2021-25978 affects Apostrophe CMS versions 2.63.0–3.3.1. The flaw is a Stored XSS in the Images module: an editor-uploaded SVG containing malicious JavaScript can trigger XSS when viewed. The connected documents confirm the vulnerability class and affected range but do not provide a remediati...
CVE-2021-25978 Apostrophe - XSS
Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...
CVE-2021-25978 Apostrophe - XSS
Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...
Apostrophe 跨站脚本漏洞
Apostrophe CMS is a fully functional open source CMS built using Node.js, designed to enhance organization by combining contextual editing and headless architecture in a full-stack JS environment.Apostrophe CMS = cross-site scripting vulnerability, which originates in Apostrophe CMS versions...
CVE-2021-36385
A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe aka U+FF07 in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xpcmdshell...
@draadnl/openstad-cms (>=0.12.2 <=0.12.3), @ngodn/apostrophe (>=2.94.2 <=2.94.7) +37 more potentially affected by CVE-2020-7715 via deep-get-set (=0.1.1)
deep-get-set NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on deep-get-set and may be impacted: - @draadnl/openstad-cms =0.12.2, =2.94.2, =1.3.0, =0.0.1, =0.5.235, =2.94.1, =0.5.0, =0.5.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =2.93.0,...
Improper Input Validation in sanitize-html
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...
Improper Input Validation in sanitize-html
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...
CVE-2021-26540
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...
CVE-2021-26540
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...
CVE-2021-26540
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...
CVE-2021-26539
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...
CVE-2021-26539
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...