Apostrophe CMS versions between 2.63.0 and 3.3.1 are vulnerable to stored XSS: an editor uploads an SVG file containing malicious JavaScript to the Images module, and the script executes once the image is viewed.
References
| Link | Resource |
|---|---|
| https://github.com/apostrophecms/apostrophe/commit/c8b94ee9c79468f1ce28e31966cb0e0839165e59 | Patch, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Mend
Published: 2021-11-07T17:15:10
Updated: 2021-11-07T17:15:10
Reserved: 2021-01-22T00:00:00
Link: CVE-2021-25978
NVD Information
Status: Analyzed
Published: 2021-11-07T18:15:07.620
Modified: 2021-11-09T18:21:12.227
Link: CVE-2021-25978
Redhat Information
No data.
CWE