Known Vulnerabilities for products from Apostrophecms
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Apostrophecms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40186 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-39857 json | Not Provided | 2026-04-15 | 2026-04-16 | |
| CVE-2026-35569 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-33889 json | Not Provided | 2026-04-15 | 2026-04-16 | |
| CVE-2026-33888 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2026-33877 json | Not Provided | 2026-04-15 | 2026-04-15 | |
| CVE-2022-28396 json | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further inv... | Not Provided | 2022-04-12 | 2023-11-07 |
| CVE-2022-25887 json | The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global ... | 7.5 - HIGH | 2022-08-30 | 2023-08-08 |
| CVE-2021-26540 json | Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostname... | 5.3 - MEDIUM | 2021-02-08 | 2021-04-01 |
| CVE-2021-26539 json | Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could a... | 5.3 - MEDIUM | 2021-02-08 | 2022-04-26 |
| CVE-2021-25979 json | Apostrophe CMS versions between 2.63.0 to 3.3.1 affected by an insufficient session expiration vulnerability, which allows un... | 9.8 - CRITICAL | 2021-11-08 | 2022-08-10 |
| CVE-2021-25978 json | Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contain... | 5.4 - MEDIUM | 2021-11-07 | 2021-11-09 |
| CVE-2016-1000237 json | sanitize-html before 1.4.3 has XSS. | 6.1 - MEDIUM | 2020-01-23 | 2020-01-24 |
Known software with vulnerabilities from Apostrophecms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Apostrophecms | Sanitize-html | 0.1.0 |