Lucene search
K

6 matches found

OSV
OSV
added 2026/06/04 8:57 p.m.9 views

ROOT-APP-NPM-CVE-2021-26540 CVE-2021-26540 in @rootio/sanitize-html - Patched by Root

Root has patched CVE-2021-26540 in the @rootio/sanitize-html package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.01754EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/05/06 4:10 p.m.7 views

08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +6284 more potentially affected by CVE-2021-26540 via sanitize-html (>=0.1.4 <=2.3.1)

sanitize-html NPM version =0.1.4, =1.0.0, =0.15.4, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.74, =0.0.14, =0.0.1, =0.6.0, =3.0.19, =1.3.0, =2.6.0, =6.0.1 and more Source cves: CVE-2021-26540 Source advisory: OSV:GHSA-MJXR-4V3X-Q3M4...

5.3CVSS6AI score0.01754EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2021/02/24 2:4 p.m.23 views

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

5.3CVSS4AI score0.01754EPSS
Exploits1References3
OSV
OSV
added 2021/02/08 5:15 p.m.18 views

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

5.3CVSS6.8AI score
Exploits0References3
NVD
NVD
added 2021/02/08 5:15 p.m.25 views

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

5.3CVSS0.01754EPSS
Exploits1References3
CVE
CVE
added 2021/02/08 4:16 p.m.114 views

CVE-2021-26540

The CVE-2021-26540 issue affects Apostrophe Technologies sanitize-html prior to 2.3.2, where the hostnames set in allowedIframeHostnames could be bypassed when allowIframeRelativeUrls is true, enabling bypass of the hostname whitelist for iframe src values starting with /\example.com. Public disc...

5.3CVSS5.1AI score0.01754EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder