apostrophecms Summary
Latest vulnerabilities published by apostrophecms
| CVE | Vendor | Product | Score | Severity | Title |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-53609 | Apostrophecms | Apostrophe | 9.1 | CRITICAL | Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass |
| CVE-2026-53608 | Apostrophecms | @apostrophecms/seo | 8.7 | HIGH | @apostrophecms/seo Vulnerable to Stored XSS via Unsanitized Google Analytics / GTM ID Injected into Script Tag |
| CVE-2026-53607 | Apostrophecms | Apostrophe | 3.7 | LOW | @apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header |
| CVE-2026-53606 | Apostrophecms | Sanitize-html | 5.4 | MEDIUM | sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes |
| CVE-2026-45014 | Apostrophecms | Apostrophe | 5.3 | MEDIUM | Apostrophe Vulnerable to Stored Cross-Site Scripting via Unsanitized User Display Name in Draft Version Tooltip |
| CVE-2026-45013 | Apostrophecms | Apostrophe | 8.1 | HIGH | Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation |
| CVE-2026-45012 | Apostrophecms | Apostrophe | 7.6 | HIGH | Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget |
| CVE-2026-45011 | Apostrophecms | Apostrophe | 7.3 | HIGH | Apostrophe has stored XSS via javascript: URL in Image Widget Link |
| CVE-2026-44990 | Apostrophecms | Sanitize-html | 9.3 | CRITICAL | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` |
| CVE-2026-42853 | Apostrophecms | @apostrophecms/cli | 6.5 | MEDIUM | @apostrophecms/cli: Command Injection in apos create via Unsanitized Password Input |
| CVE-2026-40186 | Apostrophecms | Apostrophe | 6.1 | MEDIUM | XSS Bypass Vulnerability in ApostropheCMS through Sanitize-HTML NPM Package |
| CVE-2026-39857 | Apostrophecms | Apostrophe | 5.3 | MEDIUM | Authorization Bypass in ApostropheCMS Affects Open-Source Node.js Content Management System |
| CVE-2026-35569 | Apostrophecms | Apostrophe | 8.7 | HIGH | Stored Cross-Site Scripting Vulnerability in ApostropheCMS by Apostrophe |
| CVE-2026-33889 | Apostrophecms | Apostrophe | 5.4 | MEDIUM | Stored Cross-Site Scripting Vulnerability in ApostropheCMS by Apostrophe |
| CVE-2026-33888 | Apostrophecms | Apostrophe | 5.3 | MEDIUM | Authorization Bypass Vulnerability in ApostropheCMS |
| CVE-2026-33877 | Apostrophecms | Apostrophe | 3.7 | LOW | Timing Side-Channel Vulnerability in ApostropheCMS by Apostrophe |
| CVE-2026-32731 | Apostrophecms | Import-export | 10 | CRITICAL | File Write Path Vulnerability in ApostropheCMS by Apostrophe |
| CVE-2026-32730 | Apostrophecms | Apostrophe | 8.1 | HIGH | Bypass of Multi-Factor Authentication in ApostropheCMS |
| CVE-2022-25887 | Apostrophecms | Sanitize-html | 5.3 | MEDIUM | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-26540 | Apostrophecms | Sanitize-html | 5.3 | MEDIUM | Improper Input Validation in Sanitize-HTML by Apostrophe Technologies |
| CVE-2021-26539 | Apostrophecms | Sanitize-html | 5.3 | MEDIUM | Internationalized Domain Name Vulnerability in Apostrophe Technologies' Sanitizer |