Lucene search
K

5 matches found

EUVD
EUVD
added 2026/06/12 8:39 p.m.8 views

EUVD-2026-36566

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of sanitize-html prior to 2.17.4 can turn attacker-controlled content inside a disallowed xmp element into live HTML or...

9.3CVSS5.2AI score0.0037EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 6:26 p.m.7 views

GHSA-RPR9-RXV7-X643 Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

Summary Under the default configuration, sanitize-html can turn attacker-controlled content inside a disallowed xmp element into live HTML or JavaScript. This is a sanitizer bypass in the default disallowedTagsMode: 'discard' path and can lead to stored XSS in applications that render sanitized...

9.3CVSS6AI score0.0037EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/14 6:26 p.m.37 views

Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html`

Summary Under the default configuration, sanitize-html can turn attacker-controlled content inside a disallowed xmp element into live HTML or JavaScript. This is a sanitizer bypass in the default disallowedTagsMode: 'discard' path and can lead to stored XSS in applications that render sanitized...

9.3CVSS6AI score0.0037EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.14 views

PT-2026-41152

Name of the Vulnerable Software and Affected Versions sanitize-html version 2.17.3 Description A sanitizer bypass exists in the default configuration where the disallowedTagsMode: 'discard' path fails to properly handle the xmp element. Because xmp is not included in the nonTextTags list, its...

9.3CVSS5.7AI score0.0037EPSS
Exploits0References9
PyPA
PyPA
added 2021/02/02 5:58 p.m.4 views

PYSEC-2021-865

In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with stripcomments=False...

6.1CVSS6.3AI score0.00483EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder