Count: 4
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2021-26540 Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com". | CVSS3: 5.3 | 0% Low | about 5 years ago |
| CVE-2021-26540 Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\\example.com". | CVSS3: 5.3 | 0% Low | about 5 years ago |
| CVE-2021-26540 Apostrophe Technologies sanitize-html before 2.3.2 does not properly v ... | CVSS3: 5.3 | 0% Low | about 5 years ago |
| GHSA-mjxr-4v3x-q3m4 Improper Input Validation in sanitize-html | CVSS3: 5.3 | 0% Low | almost 5 years ago |