Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.10 views

CVE-2026-40186

ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...

6.1CVSS5.7AI score0.00235EPSS
Exploits1References1
OSV
OSV
added 2026/04/16 9:8 p.m.9 views

GHSA-9MRH-V2V3-XPFM sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements

Summary Commit 49d0bb7 introduced a regression in sanitize-html that bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option. Entity-encoded HTML inside these elements passes through the sanitizer as decoded, unescaped HTML, allowing injection of arbitrary...

6.1CVSS6.1AI score0.00235EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/15 8:15 p.m.4 views

CVE-2026-40186 ApostropheCMS: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements

ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...

6.1CVSS6AI score0.00235EPSS
Exploits1References2
CNVD
CNVD
added 2018/06/15 12:0 a.m.5 views

Sanitize-html Cross-Site Scripting Vulnerability

Sanitize-html is a tool for cleaning up user-submitted HTML. A cross-site scripting vulnerability exists in Sanitize-html 1.11.1 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via nonTextTags...

6.1CVSS5.7AI score0.01357EPSS
Exploits1References1
Rows per page
Query Builder