apostrophecms Sanitize Html Vulnerabilities
| CVE | Vendor | Product | Score | Severity | Title |
| --- | --- | --- | --- | --- | --- |
| CVE-2026-53606 | Apostrophecms | Sanitize-html | 5.4 | MEDIUM | sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes |
| CVE-2026-44990 | Apostrophecms | Sanitize-html | 9.3 | CRITICAL | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` |
| CVE-2026-40186 | Apostrophecms | Apostrophe | 6.1 | MEDIUM | XSS Bypass Vulnerability in ApostropheCMS through Sanitize-HTML NPM Package |
| CVE-2022-25887 | Apostrophecms | Sanitize-html | 5.3 | MEDIUM | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-26540 | Apostrophecms | Sanitize-html | 5.3 | MEDIUM | Improper Input Validation in Sanitize-HTML by Apostrophe Technologies |
| CVE-2021-26539 | Apostrophecms | Sanitize-html | 5.3 | MEDIUM | Internationalized Domain Name Vulnerability in Apostrophe Technologies' Sanitizer |