CVE-2021-25978
CVE-2021-25978 affects Apostrophe CMS versions 2.63.0–3.3.1. The flaw is a Stored XSS in the Images module: an editor-uploaded SVG containing malicious JavaScript can trigger XSS when viewed. The connected documents confirm the vulnerability class and affected range but do not provide a remediati...