Lucene search
+L

134 matches found

OSV
OSV
added 2026/06/12 8:39 p.m.5 views

CVE-2026-44990 Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of sanitize-html prior to 2.17.4 can turn attacker-controlled content inside a disallowed xmp element into live HTML or...

9.3CVSS5.9AI score0.00491EPSS
Exploits0References13
Vulnrichment
Vulnrichment
added 2026/06/12 8:37 p.m.12 views

CVE-2026-42853 @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input

ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...

6.5CVSS5.8AI score0.00428EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:37 p.m.35 views

CVE-2026-42853 @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input

ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...

6.5CVSS0.00428EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:37 p.m.23 views

CVE-2026-42853

Vulnerability: CVE-2026-42853 affects ApostropheCMS CLI (@apostrophecms/cli) versions up to 3.6.0. Description: command injection in the apos create flow caused by embedding unsanitized password-prompt input directly into a shell command, enabling arbitrary command execution on the host. Root cau...

6.5CVSS5.8AI score0.00428EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 8:37 p.m.4 views

CVE-2026-42853 @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input

ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...

6.5CVSS6.2AI score0.00428EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48984

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.1 Description ApostropheCMS, an open-source Node.js content management system, contains a stored cross-site scripting issue. This occurs because the user display name is not properly sanitized when displaye...

5.3CVSS4.8AI score0.00286EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48991

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.31.0 Description When the prettyUrls: true setting is enabled on the @apostrophecms/file module, the public pretty-URL handler constructs an upstream URL using the raw Host HTTP request header. This URL is the...

3.7CVSS5.3AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.23 views

PT-2026-49006

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.30.1 Description A prototype pollution issue exists in the apos.util.set function, which traverses dot-notation paths without sanitizing the proto property. This allows an authenticated editor to write arbitra...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-49005

Name of the Vulnerable Software and Affected Versions @apostrophecms/seo versions prior to 1.4.3 Description Stored Cross-Site Scripting XSS occurs when the @apostrophecms/seo package injects the Google Analytics Tracking ID seoGoogleTrackingId and Google Tag Manager ID seoGoogleTagManager direct...

8.7CVSS5.5AI score0.0021EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/14 6:27 p.m.18 views

Apostrophe has stored XSS via javascript: URL in Image Widget Link

Summary A stored cross-site scripting vulnerability was identified in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to publish pages, the malicious widget can be published to the liv...

7.3CVSS5.8AI score0.00211EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/14 6:27 p.m.12 views

Improper Encoding or Escaping of Output

Overview apostrophe is a content management system CMS for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...

5.4CVSS6.1AI score0.00211EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 6:27 p.m.8 views

GHSA-5F64-7VFC-RCX6 Apostrophe has stored XSS via javascript: URL in Image Widget Link

Summary A stored cross-site scripting vulnerability was identified in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to publish pages, the malicious widget can be published to the liv...

7.3CVSS5.8AI score0.00211EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 6:27 p.m.9 views

GHSA-GF43-24G3-5HW2 Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation

Summary ApostropheCMS's password reset flow constructs the reset URL using req.hostname, which is derived directly from the attacker-controlled HTTP Host header when apos.baseUrl is not explicitly configured. An unauthenticated attacker who knows a victim's email address can send a crafted reset...

8.1CVSS5.8AI score0.0025EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/14 6:26 p.m.8 views

Server-side Request Forgery (SSRF)

Overview apostrophe is a content management system CMS for Node.js. It supports in-context editing, schema-driven content types, flexible widgets and a great deal more. This module contains everything necessary to build a website with ApostropheCMS. Affected versions of this package are vulnerabl...

8.5CVSS5.9AI score0.00197EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 6:26 p.m.6 views

GHSA-PR28-MF3Q-QPG6 Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

Summary ApostropheCMS contains an authenticated server-side request forgery SSRF in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch attacker-controlled URLs during widget validation. For image-compatible responses,...

7.6CVSS5.8AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.23 views

PT-2026-41154

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.1 Description An authenticated server-side request forgery SSRF exists in the rich-text widget import flow. An authenticated user with permissions to submit or edit rich-text widget content can force the...

7.6CVSS5.3AI score0.00197EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.22 views

PT-2026-41155

Name of the Vulnerable Software and Affected Versions ApostropheCMS versions prior to 4.29.0 Description The password reset flow in the resetRequest route of the modules/@apostrophecms/login/index.js component constructs the reset URL using req.hostname. When apos.baseUrl is not explicitly...

8.1CVSS5.2AI score0.0025EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/30 8:48 p.m.9 views

CVE-2026-35569

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields SEO Title and Meta Description, where user-controlled input is rendered without proper output encoding into HTML contexts includin...

8.7CVSS5.4AI score0.00298EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/16 9:8 p.m.8 views

EUVD-2026-23110

sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements...

6.1CVSS5.8AI score0.00235EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/16 8:45 p.m.7 views

EUVD-2026-23108

ApostropheCMS: Information Disclosure via choices/counts Query Parameters Bypassing publicApiProjection Field Restrictions...

5.3CVSS5.8AI score0.00435EPSS
Exploits1References3
Rows per page
Query Builder