Lucene search
+L

4 matches found

nodejs
nodejs
added 2021/05/06 4:14 p.m.36 views

Improper Input Validation

Overview sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option. Recommendation Upgrade to version 2.3.1 or later References - CVE - GitHub Advisory...

5CVSS4.2AI score0.01953EPSS
Exploits1Affected Software1
vulnersosv
vulnersosv
added 2021/05/06 4:10 p.m.7 views

08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +6284 more potentially affected by CVE-2021-26539 via sanitize-html (>=0.1.4 <=2.3.0)

sanitize-html NPM version =0.1.4, =1.0.0, =0.15.4, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.74, =0.0.14, =0.0.1, =0.6.0, =3.0.19, =1.3.0, =2.6.0, =6.0.1 and more Source cves: CVE-2021-26539 Source advisory: OSV:GHSA-RJQQ-98F6-6J3R...

5.3CVSS6AI score0.01953EPSS
Exploits1
redhatcve
redhatcve
added 2021/02/24 2:4 p.m.16 views

CVE-2021-26539

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...

5.3CVSS2.3AI score0.01953EPSS
Exploits1References3
cve
cve
added 2021/02/08 4:16 p.m.177 views

CVE-2021-26539

CVE-2021-26539 affects Apostrophe Technologies sanitize-html prior to version 2.3.1. The vulnerability arises from improper handling of internationalized domain names (IDN), which can allow an attacker to bypass the hostname whitelist validated by the allowedIframeHostnames option. Impact is bypa...

5.3CVSS5AI score0.01953EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder