Lucene search
K

99 matches found

Vulnrichment
Vulnrichment
added 2021/11/08 2:20 p.m.5 views

CVE-2021-25979 Apostrophe - Insufficient Session Expiration

Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third party could not be locked out by those means. As a mitigation for older releases the user account...

9.8CVSS6.7AI score0.01103EPSS
Exploits0References1
CVE
CVE
added 2021/11/08 2:20 p.m.62 views

CVE-2021-25979

Apostrophe CMS vulnerability CVE-2021-25979 affects versions 2.63.0 through 3.3.1, where the system does not invalidate existing login sessions when disabling a user or changing a password. This can allow a compromised device to maintain access after actions intended to lock out the user. The roo...

9.8CVSS9.3AI score0.01103EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/08 12:0 a.m.3 views

PT-2021-16903 · Unknown · Apostrophe Cms

Name of the Vulnerable Software and Affected Versions: Apostrophe CMS versions prior to 3.3.1 Description: The issue allows unauthenticated remote attackers to hijack recently logged-in users' sessions due to insufficient session expiration. This can occur when a device is compromised by a third...

9.8CVSS9.3AI score0.01103EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.4 views

Apostrophe 代码问题漏洞

Apostrophe is a full-featured open source Cms built with Node.js by Apostrophe, Inc. designed to empower organizations by combining contextual editing and headless architecture in a full-stack Js environment.Apostrophe CMS is vulnerable to an authorization issue in versions 2.63.0 through 3.3.1,...

9.8CVSS5.6AI score0.01103EPSS
Exploits0References1
NVD
NVD
added 2021/11/07 6:15 p.m.32 views

CVE-2021-25978

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...

5.4CVSS0.00483EPSS
Exploits0References1
OSV
OSV
added 2021/11/07 6:15 p.m.13 views

CVE-2021-25978

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...

5.4CVSS5.7AI score
Exploits0References1
Prion
Prion
added 2021/11/07 6:15 p.m.14 views

Cross site scripting

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...

3.5CVSS5.1AI score0.00483EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/11/07 5:15 p.m.52 views

CVE-2021-25978

CVE-2021-25978 affects Apostrophe CMS versions 2.63.0–3.3.1. The flaw is a Stored XSS in the Images module: an editor-uploaded SVG containing malicious JavaScript can trigger XSS when viewed. The connected documents confirm the vulnerability class and affected range but do not provide a remediati...

5.4CVSS5.1AI score0.00483EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2021/11/07 5:15 p.m.7 views

CVE-2021-25978 Apostrophe - XSS

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...

5.4CVSS5.8AI score0.00483EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/11/07 5:15 p.m.29 views

CVE-2021-25978 Apostrophe - XSS

Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed...

5.4CVSS5.4AI score0.00483EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/11/07 12:0 a.m.5 views

Apostrophe 跨站脚本漏洞

Apostrophe CMS is a fully functional open source CMS built using Node.js, designed to enhance organization by combining contextual editing and headless architecture in a full-stack JS environment.Apostrophe CMS = cross-site scripting vulnerability, which originates in Apostrophe CMS versions...

5.4CVSS5.2AI score0.00483EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/24 12:15 p.m.2 views

CVE-2021-36385

A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe aka U+FF07 in the default.aspx User ID field. Arbitrary system commands can be executed through the use of xpcmdshell...

10CVSS6.4AI score0.02736EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2021/05/06 6:12 p.m.3 views

@draadnl/openstad-cms (>=0.12.2 <=0.12.3), @ngodn/apostrophe (>=2.94.2 <=2.94.7) +37 more potentially affected by CVE-2020-7715 via deep-get-set (=0.1.1)

deep-get-set NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on deep-get-set and may be impacted: - @draadnl/openstad-cms =0.12.2, =2.94.2, =1.3.0, =0.0.1, =0.5.235, =2.94.1, =0.5.0, =0.5.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =2.93.0,...

9.8CVSS7.2AI score0.01965EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/05/06 4:10 p.m.31 views

Improper Input Validation in sanitize-html

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

5.3CVSS4.3AI score0.01754EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2021/05/06 4:10 p.m.35 views

Improper Input Validation in sanitize-html

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...

5.3CVSS2.4AI score0.01953EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2021/02/24 2:4 p.m.23 views

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

5.3CVSS4AI score0.01754EPSS
Exploits1References3
OSV
OSV
added 2021/02/08 5:15 p.m.18 views

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

5.3CVSS6.8AI score
Exploits0References3
NVD
NVD
added 2021/02/08 5:15 p.m.25 views

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

5.3CVSS0.01754EPSS
Exploits1References3
OSV
OSV
added 2021/02/08 5:15 p.m.17 views

CVE-2021-26539

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...

5.3CVSS6.7AI score0.01953EPSS
Exploits1References3
NVD
NVD
added 2021/02/08 5:15 p.m.36 views

CVE-2021-26539

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...

5.3CVSS0.01953EPSS
Exploits1References3
Rows per page
Query Builder