EPSS: 0.001 (Low)
Percentile: 22.7%
apostrophe is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization in index.js, which allows an attacker to insert arbitrary JavaScript.
index.js
github.com/apostrophecms/apostrophe/commit/c8b94ee9c79468f1ce28e31966cb0e0839165e59
github.com/apostrophecms/apostrophe/pull/3394