3 matches found
CVE-2026-45011
ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to...
@_sh/strapi-plugin-ckeditor (>=5.0.2 <=7.1.1), @a.agiir/cinny (>=0.0.1 <=0.0.2) +1249 more potentially affected by CVE-2026-45011 via sanitize-html (>=2.10.0 <=2.17.3)
sanitize-html NPM version =2.10.0, =5.0.2, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =1.0.8, =0.6.2-alpha.0, =0.7.3, =0.6.2-alpha.0, =0.6.2-alpha.0, =0.6.2-alpha.0, =0.8.21 and more Source cves: CVE-2026-45011 Source advisory: SNYK:JS-SANITIZEHTML-16759743...
org.webjars.npm:github-com-daichirata-vue-sanitize (=0.2.2), org.webjars.npm:github-com-daichirata-vue-sanitize- (=0.2.2) potentially affected by CVE-2026-45011 via org.webjars.npm:sanitize-html (=2.7.0)
org.webjars.npm:sanitize-html MAVEN version =2.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sanitize-html and may be impacted: - org.webjars.npm:github-com-daichirata-vue-sanitize =0.2.2 -...