Vulnerabilities for 'Apostrophecms'

2022-04-12
 
CVE-2022-28396

NVD-CWE-noinfo
 

 
Apostrophe v3.16.1 was discovered to contain a remote code execution (RCE) vulnerability via the component uploadfs.

 
2021-11-08
 
CVE-2021-25979

CWE-613
 

 
Apostrophe CMS versions between 2.63.0 and 3.3.1 are affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sessions.

 
2021-11-07
 
CVE-2021-25978

CWE-79
 

 
Apostrophe CMS versions between 2.63.0 and 3.3.1 are vulnerable to stored XSS: an editor can upload an SVG file containing malicious JavaScript to the Images module, and the XSS triggers once the file is viewed.

 



Copyright 2022, cxsecurity.com

 
