
13 matches found

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-1183

Malware in sbrugna...

CVSS 5.3, AI score 5.3, EPSS 0.01953
Exploits: 1, References: 10

Node.js
added 2021/05/06 4:14 p.m., 40 views

Improper Input Validation

Overview: sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with...

CVSS 5, AI score 4.4, EPSS 0.01754
Exploits: 1, Affected Software: 1

OSV
added 2021/05/06 4:10 p.m., 2 views

GHSA-MJXR-4V3X-Q3M4 Improper Input Validation in sanitize-html

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

CVSS 5.3, AI score 5.9, EPSS 0.01754
Exploits: 1, References: 4

RedhatCVE
added 2021/02/24 2:4 p.m., 22 views

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

CVSS 5.3, AI score 4, EPSS 0.01754
Exploits: 1, References: 3

Veracode
added 2021/02/09 2:21 a.m., 18 views

Privilege Escalation

sanitize-html is vulnerable to privilege escalation. An attacker is able to bypass the hostname whitelist for the iframe element when "allowIframeRelativeUrls" is set to true, because the hostnames set by "allowedIframeHostnames" are not properly validated...

CVSS 5.3, AI score 2.8, EPSS 0.01754
Exploits: 1, References: 5, Affected Software: 1

NVD
added 2021/02/08 5:15 p.m., 24 views

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

CVSS 5.3, EPSS 0.01754
Exploits: 1, References: 3

OSV
added 2021/02/08 5:15 p.m., 17 views

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

CVSS 5.3, AI score 6.8
Exploits: 0, References: 3

Prion
added 2021/02/08 5:15 p.m., 12 views

Design/Logic Flaw

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...

CVSS 5, AI score 5.4, EPSS 0.01953
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2021/02/08 5:15 p.m., 19 views

Design/Logic Flaw

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...

CVSS 5, AI score 5.5, EPSS 0.01754
Exploits: 1, References: 3, Affected Software: 1

CVE
added 2021/02/08 4:16 p.m., 176 views

CVE-2021-26539

CVE-2021-26539 affects Apostrophe Technologies sanitize-html prior to version 2.3.1. The vulnerability arises from improper handling of internationalized domain names (IDN), which can allow an attacker to bypass the hostname whitelist validated by the allowedIframeHostnames option. Impact is bypa...

CVSS 5.3, AI score 5, EPSS 0.01953
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2021/02/08 4:16 p.m., 35 views

CVE-2021-26539

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...

AI score 5.5, EPSS 0.01953
Exploits: 1, References: 3

CNNVD
added 2021/02/08 12:0 a.m., 10 views

Abea Apostrophe Technologies sanitize-html security vulnerability

Abea Apostrophe Technologies sanitize-html is a formatting removal tool organized by Abea USA. It provides simple HTML tag removal with a clear API. A security vulnerability exists in Apostrophe Technologies sanitize-html versions prior to 2.3.1, which stems from the inability to properly handle...

CVSS 5.3, AI score 6, EPSS 0.01953
Exploits: 1, References: 7

Positive Technologies
added 2021/02/08 12:0 a.m., 9 views

PT-2021-17026

Name of the Vulnerable Software and Affected Versions: sanitize-html versions prior to 2.3.1. Description: The issue arises from improper handling of internationalized domain names (IDN), which could allow an attacker to bypass hostname whitelist validation set by the allowedIframeHostnames option. Th...

CVSS 5.3, AI score 5.6, EPSS 0.01953
Exploits: 1, References: 11