Apostrophe CMS versions between 2.63.0 and 3.3.1 are vulnerable to Stored XSS: an editor can upload an SVG file containing malicious JavaScript to the Images module, and the XSS triggers once the file is viewed.
References
Link | Resource |
---|---|
https://github.com/apostrophecms/apostrophe/commit/c8b94ee9c79468f1ce28e31966cb0e0839165e59 | Patch Third Party Advisory |
History
21 Nov 2024, 05:55
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/apostrophecms/apostrophe/commit/c8b94ee9c79468f1ce28e31966cb0e0839165e59 - Patch, Third Party Advisory |
Information
Published : 2021-11-07 18:15
Updated : 2024-11-21 05:55
NVD link : CVE-2021-25978
Mitre link : CVE-2021-25978
CVE.ORG link : CVE-2021-25978
Products Affected
apostrophecms
- apostrophecms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')